The managed security services (MSS) market was established to help businesses
improve their security posture in the face of an increasingly sophisticated
threat landscape. In the years since its emergence, this market has continued
Today, the MSS market is comprised of telecommunications providers and strategic
outsources as well as enterprise and boutique pure-plays. Each category of provider
offers both benefits and challenges, and selecting the most appropriate provider
requires careful consideration of their approaches and offerings.
In the current era of complex network environments and limited resources, it
is difficult and costly to evaluate and deploy the security controls to keep
up with continually changing threats. What's more, competitive pressures often
make it challenging to find, train, and retain personnel who have expertise
Consequently, more and more companies are opting to outsource these critical
functions to an MSS provider (MSSP). Partnering with an MSSP enables enterprises
to maximize the value of their investments in information security technologies
and the skill development of their own personnel while freeing teams to focus
on core business issues. Working with an MSSP also enables organizations to
enhance their security posture and reduce the volatility typically associated
with security management staffing. At the same time, enterprises receive the
level of protection they require but with a degree of flexibility and cost-effectiveness
that meets business objectives.
MSSPs ensure rapid response to threats by using high-availability security
operations centers to provide outsourced management and monitoring of security
devices and events. These centers support 24/7 services aimed at reducing the
number of operational security personnel an enterprise must hire, train, and
retain to maintain an acceptable security posture.
Telecommunications providers that offer MSS as a component of other outsourced
services often include a variety of security capabilities such as firewalls
and intrusion detection in a full turn-key solution. While this streamlines
problem resolution somewhat by reducing the number of vendors needed to address
a security issue, it may not be a viable option for organizations that require
checks and balances between their security and IT functions. For those companies,
an independent pure-play provider may be needed to provide independent validation.