Indicative of the growing security challenge is the emergence of increasingly intricate, blended threats, such as Nimda and Beagle. Unlike yesterday's viruses, blended threats combine the characteristics of viruses, worms, Trojan horses, and other malicious code with multiple methods of exploiting server and Internet vulnerabilities to initiate, transmit, and spread attacks. For example, writers are currently developing blended threats that increasingly use employee Web access as an entry point into the corporate network.
There is a clear incentive to continue adding layer upon layer of security band-aids in the form of bolt-on products to shore up a company's defences. But with this plethora of devices and products comes the responsibility of managing them - and managing such a range of security measures particularly over a multi-site organisation, increasingly becomes one big headache.
Adding more security products doesn't necessarily equate to better security. In fact if the security manager is unable to control these disparate systems it can lead to further problems. To qualify this, security managers already have to deal with hundreds of configuration updates and log reports to and from firewalls, virus scanners and intrusion detection devices, and naturally find it challenging to keep on top of it all. A single firewall on a busy network can generate log data running into the Gigabytes per hour.
This explains why at ScanSafe we are witnessing, in common with other providers of managed security services, a rapid rise in the number of companies (SMEs and large businesses alike) that are prepared to outsource certain elements of their security protection to trusted partners. And why IDC, the market analyst, predicts global sales of managed security services could reach $2.2bn by 2005, a dramatic increase from just $140M in 2000.
Faced with the evolving virus threat, companies have to decide which elements of their security they are interested in and best positioned to manage themselves. Effective virus protection, for example, involves frequent signature updates, regular software patching (such as applying frequent Internet Explorer updates as soon as these become available), as well as ongoing maintenance and review of the anti-virus systems in place. Many security managers recognise this doesn't equate to the best use of their resources and yet reducing their input would leave their systems vulnerable.
Turning to a trusted provider to manage web virus threats, or other specific security areas, can help reduce the burden on the IT manager as well as staffing and infrastructure costs. Keeping track of incoming virus threats can be a time consuming task for the IT manager and often results in an enterprise investing in expensive training courses or having to increase headcount. When the service is managed the appropriate level of expertise can be given to virus monitoring as well as the right infrastructure. Outsourcing can also provide enterprises with technology that would not otherwise be available, which is particularly likely in the fast-moving field of virus protection. An example of this would be a provider that gives real-time centralised analysis of data to proactively stop web virus threats.
However, while companies prefer best-of-breed solutions they would prefer not to manage too many different products or relationships. This is why many managed providers need to broaden their service portfolios while ensuring their focus is narrow enough to provide valuable expertise. For example, a company looking to manage web threats will increasingly look for a one-stop shop for web filtering and virus protection.
There will always be elements of security that companies prefer to manage internally. Security managers need to assess each potential threat and decide which is the best form of defence before adding new products. Stretching internal resources too thinly could lead to ineffective management and security weak-points, leaving the enterprise open to a costly virus attack.
John Edwards is Chief Technology Officer at ScanSafe