A rash of MSSP players, including Guardent, Schlumberger, Qualsys, Foundstone and Ubizen, unveiled new offerings that underscore a shift to support increased vulnerability management challenges and less emphasis on monitoring capabilities at the RSA conference this week.
MSSPs must have a mix of managed services and consulting prowess, such as auditing or managed intrusion protection skills, to manage effectively the commercial security products needed for complex integration and business strategies, said John Pescatore, vice-president of research at Gartner.
"Outsourcing (security) is going to be different. It’s going to be a bigger mix of project-like work, help you set policy, and less managed services type of stuff," he said.
Taking a first quick step toward that goal, Guardent announced the availability of its enhanced Managed Vulnerability Protection and Alert Service (MVPS-Alert) and also launched its new Business Protection Service at the conference.
MVPS-ALert gathers and correlates alerts from multiple commercial sources with customers' networks and hosts asset information to identify vulnerabilities for testing. Customers receive targeted and validated information about vulnerabilities specific to their system rather than a feed of generalised alerts which may not apply to them.
Guardent’s Business Protection Service includes an architecture network assessment to weigh risks of intrusion versus the cost of protection; management of intrusion prevention system products from suppliers such as Cisco and Sana Security; managed vulnerability protection services, and monthly managed reporting.
SchlumbergerSema, the IT security business unit of Schlumberger, used the conference to launch its consulting and forensics service, DeXa.Trust. The managed security service portfolio features a new tool called Dexa.Trust Integrated Security Administrator (ISA), which provides event collection, correlation, analysis and response.
Dexa.Trust ISA will serve as the security tool to monitor the networking devices and tools to be used at the Olympic Games in Athens in 2004, said Yahya Mehdizadeh, manager of security services at SchlumbergerSema.
Qualsys made a splash at RSA by introducing additional capabilities to its web-based scanning QualsysGuard’s On-Demand platform in the form of distributed management, security audit reports, audit trails, and remediation workflow designed to help customers deal with recent regulations and increased sophistication of attacks.
For its part, Foundstone announced a beefed-up version of its Foundstone Enterprise Risk Solutions (ERS) software and managed services product. New to the ERS suite is the ability to mitigate digital vulnerabilities through asset discovery, inventory, and prioritisation. Foundstone Security Factors offer a set of metrics to measure a company’s risk posture, track security profile improvements, and weigh potential results of security decisions and investments.
Lastly, Ubizen announced at RSA its co-sourced certificate management service in North America as part of the Ubizen Online Guardian MSS offering. The co-sourced public key infrastructure (PKI) solution will allow customers to create, renew, and revoke digital certificates without deploying its own PKI.