Professional Documents
Culture Documents
Level 3 Security White Paper
Level 3 Security White Paper
Level 3 Security White Paper
I NT RO D U CT I O N
Is your organization’s network and the information streaming through it really secure? If
your answer is yes, would you bet your salary? Of course not; anyone with even passing
involvement in cyber security recognizes that speaking in absolute terms is
unsupportable. Yet, many organizations place this type of bet daily by choosing to manage
security by themselves—the Do-It-Yourself approach. They do this even though viable
means to elevate their security positions exist by partnering with a managed security
service provider (MSSP).
▪ Tolerance for mediocre security is waning – The stakes are too high in a
compute-intensive, always-connected world. A disruption in your network, a
downed server, or an infected PC —each damages your organization’s operational
health. This has a price tag, as does remediation —that is, the time and resources
required to return your compromised systems to normalcy. The direct and
indirect costs of a data breach further add to this price tag. The bottom line:
avoiding sticker shock should be a number one risk management priority.
In this white paper, we provide the rationale as to why your organization should engage
with a managed security services provider; and not just any MSSP, but one that also
supports your global networking needs. What you will find is that the security
management capabilities of MSSPs and Network Services Providers are highly
complementary.
Cha nge A b ou n ds
▪ Threats – Cyber threats, for example, are constantly changing—in form, volume,
timing, and points of origin—and changing with no forewarning. Speed and
comprehensiveness in identifying, particularly new threats, is critical.
Understanding and sizing potential impacts to your organization is also critical in
prioritizing threat mitigation efforts.
▪ Assets – What requires protection is changing too. At the physical level, data
center and communication network infrastructure and end-user devices are
changing in response to evolving business needs and circumstances. Often, these
changes are known in advance, but not always. Understanding how changes in
infrastructure and connected devices affect an organization’s vulnerability in
relation to threats is vital. For example, the proliferation of Bring -Your-Own-
Device (BYOD) onto the organization’s network —that is, devices that are not
directly managed by IT—adds significantly to risk. Moving up from the physical
layer, operating systems and software applications are frequently changing. Being
aware of these changes and their impact on vulnerability is also essential but, in
practice, challenging. Diversity in operating systems and applications plus
unsanctioned changes (e.g., downloading a new app) independently initiated by
business units or end users add to the difficulty of being aware.
▪ Security Policies – Last, security policies are a key component in your game
plan for managing risk. These policies reflect an assessment of risk at a point in
time. As such, security policies must change as risk changes. Instinctively, changes
in the threat environment (if detected) affect the magnitude and nature of risk,
but this is not the only cause. Changes in your business —what it does, where it
operates, and how it operates—also affect risk. Additionally, perceptions
influence an organization’s assessment of risk. Recurring news of data breaches
and network compromises give pause at multiple levels of the organization —
board members, top executives, and, of course, IT and security departments —on
whether the level of risk is higher and more extensive than previously presumed.
Adjusting security policies requires a comprehensive, balanced and recurring
assessment of risk. MSSPs running vulnerability assessments and simulating
attacks assist organizations in meeting this goal.
Having established that cyber security risk and the interplay of vulnerabilities and threats
are continuously changing, impacted by numerous variables, and unique to each
organization, the objective of an MSSP is to partner with each of its clients in reducing
risk. As a partnership, the parties combine forces to reach an objective that neither
could accomplish individually.
Each MSSP client has intimate perspective on its operations, business priorities and
tolerable level of risk. The MSSP cannot determine or infer this perspective with equal
precision and depth. Instead, the MSSP will merge the client’s perspective into the
context of what it does best—understanding and mitigating cyber threats. The MSSP
—
brings in several capabilities to accomplish this on behalf and with its clients:
▪ Threat Intelligence – Among the most valuable assets the MSSP brings into the
partnership is threat intelligence. For this, the MSSP gathers reams of information
on a continuous basis from multiple sources as its raw material in identifying and
cataloging (e.g., stage of development, objective, and source) cyber threats. This
information originates from multiple sources including: client environments
(stripped to be anonymous), third-party sources (e.g., malware signature
libraries), and, for some, honeypots. Honeypots are established and maintained
by MSSPs to trap hackers into revealing their intent and capabilities. Breadth and
depth in threat information is an important measurement of the MSSP’s threat
intelligence capabilities. Equally important is the MSSP’s ability to systematically
filter and analyze this information and transform it into practical intelligence for
threat assessment and mitigation. Experienced and dedicated personnel,
supported by processes and systems that automate portions of the threat
analysis, form the principal building blocks in the MSSP’s information -to-
intelligence transformation.
Network Service Providers (NSPs) have been offering MSSP services for several years. As
explained in this section, this not a chance combination but a highly complementary
pairing, as several NSP core competences are directly relevant in managed security
services. Among those core competences are:
▪ Scale with Client Isolation – For the MSSP business to be successful, and for
its clients to benefit (i.e., improved risk management services at an economical
price), the MSSP must attain operational scale in order to spread its investments
in service delivery thinly across its client base. The MSSP must also minimize
investments that exclusively serve a single client or a limited number of clients.
Rather, MSSP investments must be concentrated in service delivery
infrastructure, processes and personnel that can scale exponentially to support a
large number of clients simultaneously. At the same time, MSSP clients expect
isolation from the MSSP’s other clients. Each client’s security instances within the
MSSP service delivery environment must be treated with absolute privacy. This
MSSP formula for business success follows the same formula that NSPs honed
decades before the Internet era began. Communication networks are built to
serve millions of customers simultaneously while maintaining customer isolation
and allowing for customization (for example, customer -specific routing tables in
support of private Wide Area Networks). For NSP-MSSPs, they do not need to
learn the business model—they already know it.
locations. As a result, your connections are better reserved for the traffic that
matters the most. In addition, whether your organization needs uniform security
policies across all your locations or varied policies, the NSP -MSSP’s homogenous
security platforms distributed throughout its network and tied into its customer
portal directly support this. Plus, build-it platform scalability and redundancy by
the NSP-MSSP ensures that these security capabilities are always ready and
always on. For your organization to have this same level of certainty would
indeed be costly.
Regarding the future, consider your organization’s adoption of cloud services. These
services are delivered from data centers that are either Internet -connected (e.g.,
Software as a Service), a node on your private network (e.g., a private cloud), or, more
likely, a combination of both. The convergence of networking and security services from
a single source, as outlined above, has attractive properties.
Stratecast
The Last Word
The task of defending against cyber threats and protecting your operations and the
information entrusted to your organization is a large, complex, and constantly
evolving task. For many organizations, the attention to security, while important, is
distracting their time and attention away from the core strategic elements of their
businesses. There must be another approach.
There is—partnering with a Managed Security Services Provider (MSSP). MSSPs are
singularly dedicated to fighting this fight, and fighting it to win. Their investments in
technologies, systems, processes, and personnel far exceed the investments a single
organization—your firm—can justify. Furthermore, their investments are made not
merely to address the threats of today, but also the threats of tomorrow.
The existence of MSSPs is not new and, therefore, not untested. MSSPs have been in
operation for more than a decade. As a testament to the client value MSSPs deliver,
global expenditures on MSSPs exceed $7 billion annually, and are forecasted to grow
at a pace of nearly 20 percent (source: Analysis of the Global Managed Security Service
Providers Market, May 2012, Frost & Sullivan).
Also, MSSPs are not created as equals. A growing portion of the MSSP market is
being filled by global Network Service Providers (NSPs) that also operate as MSSPs.
Like their standalone counterparts, their investments and dedication to the managed
security discipline are just as strong. This NSP-MSSP combination is a dynamic duo.
The long-held core competencies of NSPs are well placed in the operations
of an MSSP, and NSPs bring client value that standalone MSSPs cannot
duplicate.
One final point in the consideration of a MSSP partnership is that this partnership is
not an all-or-nothing proposition. NSP-MSSPs provide the convenience and flexibility
for organizations to choose the services that best complement or replace their
existing security capabilities. Additionally, NSP -MSSPs can fulfill your security needs
through security platforms located on your premises, in the NSP -MSSP’s network, or
in combination. Service changes and how they are delivered can also be
accommodated in a predictive and controlled manner.
Michael Suby
In a world of uncertainty, there are some unfortunate certainties. One certainty is
VP of Research
cyber threats; they are not going away, and will intensify in sophistication and variety.
Stratecast | Frost & Sullivan
You want your business to have certainty too. A partnership with an MSSP will help
msuby@stratecast.com
you combat one certainty with another.
Silicon Valley San Antonio London
331 E. Evelyn Ave., Suite 100 7550 West Interstate 10, Suite 400 4, Grosvenor Gardens,
Mountain View, CA 94041 San Antonio, Texas 78229-5616 London SWIW ODH,UK
Tel 650.475.4500 Tel 210.348.1000 Tel 44(0)20 7730 3438
Fax 650.475.1570 Fax 210.348.1003 Fax 44(0)20 7730 3343
877.GoFrost • myfrost@frost.com
http://www.frost.com
ABOUT STRATECAST
Stratecast collaborates with our clients to reach smart business decisions in the rapidly evolving and hyper -
competitive Information and Communications Technology markets. Leveraging a mix of action -oriented subscription
research and customized consulting engagements, Stratecast delivers knowledge and perspective that is only
attainable through years of real-world experience in an industry where customers are collaborators; today’s
partners are tomorrow’s competitors; and agility and innovation are essential elements for success. Contact your
Stratecast Account Executive to engage our experience to assist you in attaining your growth objectives.
Frost & Sullivan, the Growth Partnership Company, partners with clients to accelerate their growth. The company's
TEAM Research, Growth Consulting, and Growth Team Membership™ empower clients to create a growth -focused
culture that generates, evaluates, and implements effective growth strategies. Frost & Sullivan employs over 50
years of experience in partnering with Global 1000 companies, emerging businesses, and the investment community
from more than 40 offices on six continents. For more information about Frost & Sullivan’s Growth Partnership
Services, visit http://www.frost.com.