As we have witnessed over the past couple of years, managed services has emerged as a profitable line of business for resellers and service providers. With Dell’s recently announced acquisition of Silverback Technologies, the future profitability of the managed service space has been drawn into question.
As a result, this is an ideal time to visit the sales model of the service business. In doing so, understanding the major issues concerning your client’s intrusion detection and prevention (IDP) strategy can help you effectively address their needs and concerns, and target your service opportunities.
Managed Security Services Provider (MSSP) services provide cost-effective solutions for medium-sized enterprises which are concerned about Intrusion Detection and Prevention (IDP) services. According to Info-Tech Research Group’s Managed Security Services Providers: Don’t Let Price Dictate Your Decision report there are four main criteria that organizations should consider when selection a MSSP provider: security operations centres (SOCs), MSSP staffing, service level agreements (SLAs) and reporting capabilities. Combining these four capabilities with the ever-present price issue, end-user organizations are able to make a more informed purchase, and service providers are able to more fully understand the needs of their clients.
Redundancy is the critically important feature of the SOC, and the SOC is the vital component to the effective delivery of the managed security service. Collected data is aggregated, processed, analyzed and responded to in a timely and effective manner. In order to safely and effectively achieve high levels of service, the MSSP should have redundant SOCs, not to mention redundant network connections and power capabilities. An important question to ask yourself is can you guarantee uptime to your client?
Staffing expenses are the single largest cost in a self-managed infrastructure. Accordingly, the MSSP’s staffing profile must be audited prior to signing. Before signing on the dotted line, consider the number of staff (management of an IDP system 24/7 requires a minimum of 5 individuals), their skill levels (quick and accurate responses?) and the tenure of the staff (managing IDP system alerts can be a tad monotonous.) How does the MSSP manage these factors?
Also examine the SLAs for measurable factors, and how to calculate and apply penalties. Look for strong, timely communication between the monitoring facility and the SOC when measuring factors. If the MSSP cannot meet the previously agreed-upon SLA, then penalties must be calculated. A quick tip to remember is to base the SLA on service functionality, not technical capability, to calculate accurate measurements.
The MSSP needs to provide access to a reporting infrastructure in order to understand and determine what occurred throughout the monitoring period. Look for real-time reporting, and real-time access, high-level “dashboard” reports, detailed threat analysis reports and successful attack reports. All reports need to be delivered in a timely manner. The first two should be delivered within an agreed upon time frame subsequent to the completion of the monitoring period, while the final is subsequent to the attack recognition.
While price is always a factor when considering expenditure, also consider the value and benefits of any service agreement and provider. In the case of MSSPs, also consider their SOAs, staffing policies, SLAs and reporting capabilities, how you can help your customer. And then, consider how the purchase of Silverback Technologies by Dell Inc. will affect your business.
Michelle Warren is a senior analyst with the London, Ont.-based Info-Tech Research Group.