RSA: Security services served up at show

Battling a dwindling market and aggressive competition from traditional enterprise security products, MSSPs (managed security services providers) are relying more heavily on consultation and proactive protection measures to woo customers toward outsourcing security.

A rash of MSSP players, including Guardent Inc., Schlumberger Ltd., Qualys Inc., Foundstone Inc., and Ubizen, unveiled new offerings at the RSA Conference this week that underscore a sizeable shift toward supporting growing vulnerability management challenges, with less emphasis on monitoring capabilities.

MSSPs must possess a mix of managed services and consulting prowess, such as auditing or managed intrusion protection skills, to effectively manage commercial security products needed for complex integration and business strategies, said John Pescatore, vice-president of research at Stamford, Conn.-based Gartner.

“Outsourcing [security] is going to be different. It’s going to be a bigger mix of project-like work, help you set policy, and less managed services type of stuff,” Pescatore said.

Taking a first quick step toward that goal, Guardent announced the availability of its enhanced Managed Vulnerability Protection and Alert Service (MVPS-ALERT) and also launched its new Business Protection Service at the RSA Conference.

MVPS-ALERT gathers alerts from multiple commercial sources and correlates them with customers’ network and host asset information to identify vulnerabilities for testing. As a result, customers receive targeted and validated information about vulnerabilities specific to their system rather than a feed of generalized alerts which may not apply to them, said Jonas Hellgren, vice president of product management at Waltham, Mass.-based Guardent.

Guardent’s Business Protection Service offers a four-tier approach. Up front it includes an architecture network assessment to weigh risks of intrusion versus the cost of protection. That is followed by management of IPS products from vendors such as Cisco and Sana Security, managed vulnerability protection services, and lastly, monthly managed reporting.

Meanwhile, SchlumbergerSema used this week’s security conference to launch its new consulting and forensics service, DeXa.Trust. The managed security service portfolio features a new tool called Dexa.Trust Integrated Security Administrator (ISA), which provides event collection, correlation, analysis, and response.

Dexa.Trust ISA is slated to serve as the security tool to monitor the networking devices and tools to be used at the Olympic Games in Athens, Greece, in 2004, according to Yahya Mehdizadeh, manager of security services at SchlumbergerSema, the IT security business unit of New York-based Schlumberger.

Mehdizadeh said Dexa.Trust ISA collects deployed agent data from various servers, routers, switches, IDS, firewalls, and so forth to draw trends and conclusions to more quickly respond to security incidents or threats. Other services in the Dexa.Trust portfolio include risk assessment, network and performance monitoring, security and event analysis, and reactive services such as incident and litigation response.

Qualys made a splash at RSA by introducing new capabilities to its Web-based QualysGuard On-Demand scanning platform in the form of distributed management, security audit reports, audit trails, and remediation workflow designed to help customers deal with recent regulations and the increased sophistication of attacks.

Qualys’ centralized audit model will allow organizations to pinpoint when an audit was recorded, what vulnerabilities were uncovered, the appropriate fixes, to whom and when they were assigned, and whether repairs were successfully implemented, said Gerhard Eschelbeck, CTO and vice-president of engineering at Redwood Shores, Calif.-based Qualys.

For its part, Foundstone announced a beefed-up version of its Foundstone Enterprise Risk Solutions (ERS) software and managed services product. New to the ERS suite is the ability to mitigate digital vulnerabilities through asset discovery, inventory, and prioritization. In addition, ERS includes the standalone Foundstone FS1000 appliance to allow same-day deployment of Foundstone’s vulnerability management and risk operations. Finally, Foundstone Security Factors offer a set of metrics to measure a company’s risk posture, track security profile improvements, and weigh potential results of security decisions and investments.

Lastly, Ubizen announced at RSA its co-sourced certificate management service in North America as part of the Ubizen Online Guardian MSS offering. The co-sourced PKI (public key infrastructure) solution will allow customers to create, renew, and revoke digital certificates without deploying their own PKI, according to company officials.