Managed Security Service Providers: Multifold Benefits
24x7 Monitoring
It is estimated that almost 60% of attacks happen during the graveyard shift, a period when the availability of skilled staff is always in question. To proactively detect and respond to attacks, 24x7 monitoring becomes an imperative. 24x7 monitoring involves a three-shift operation. Even if one security expert per shift were enough (a difficult presumption, given the high degree of domain specialization required in data security), an organization would still need at least three security experts for round-the-clock monitoring, which would be a huge cash outflow.
Powerful Event Correlation
In a corporate environment, event handling tends to become people-dependent. Given the inconsistency in event occurrence, it becomes difficult to correlate similar incidents to detect an attack. Moreover, organizations do not work from the Standard Operating Procedures that are required to defuse an attack effectively. Even after an in-house expert has looked at an event, one cannot be confident of the type of attack that has occurred or of the effective method to resolve it. MSSPs provide automated event correlation capabilities that list events with similar patterns and correlate them to detect an attack.
Managing False Alerts
False positives constitute 99% of total security alerts, making it extremely difficult to segregate the 1% of real alerts. A typical firewall generates thousands of alerts a day, while an IDS can generate millions of raw log entries that become practically impossible to interpret by hand. MSSPs have automated tools that segregate the 1% of actual attacks from the false positives, making security management a much easier task.
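The two points above, correlating many similar raw events into one incident and then suppressing the alerts that are known to be noise, are what a SIEM or an MSSP's tooling does at scale. The following Python script is an added illustration of both steps and is not code from the article or from any MSSP product: it parses a handful of constructed firewall log lines (the "ts ACTION k=v" format, the field names, the 60-second window, the five-port threshold, and the allowlisted scanner address are all assumptions chosen for the example; addresses come from the RFC 5737 documentation ranges), raises one "port_sweep" incident per source that is denied on five or more distinct ports inside the window, and then drops incidents from an allowlisted internal vulnerability scanner so that only the genuinely interesting alert reaches an analyst.

```python
"""Minimal SIEM-style event correlation and alert triage over constructed logs.

Added illustration, not the article's or any vendor's code. Log format, field
names, thresholds and the allowlist are assumptions made for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic): a port sweep from
# 203.0.113.7, repeated identical denies from 198.51.100.4, and an authorised
# internal vulnerability scanner at 10.0.0.9 that also trips the sweep rule.
SAMPLE_LOGS = """\
2024-05-01T02:14:05 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T02:14:06 DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2024-05-01T02:14:07 DENY src=203.0.113.7 dst=10.0.0.5 dport=80
2024-05-01T02:14:08 DENY src=203.0.113.7 dst=10.0.0.5 dport=443
2024-05-01T02:14:09 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-05-01T02:14:10 DENY src=203.0.113.7 dst=10.0.0.5 dport=8080
2024-05-01T02:20:00 DENY src=198.51.100.4 dst=10.0.0.5 dport=445
2024-05-01T02:20:01 DENY src=198.51.100.4 dst=10.0.0.5 dport=445
2024-05-01T02:20:02 DENY src=198.51.100.4 dst=10.0.0.5 dport=445
2024-05-01T02:30:00 DENY src=10.0.0.9 dst=10.0.0.5 dport=21
2024-05-01T02:30:01 DENY src=10.0.0.9 dst=10.0.0.5 dport=22
2024-05-01T02:30:02 DENY src=10.0.0.9 dst=10.0.0.5 dport=25
2024-05-01T02:30:03 DENY src=10.0.0.9 dst=10.0.0.5 dport=80
2024-05-01T02:30:04 DENY src=10.0.0.9 dst=10.0.0.5 dport=443
2024-05-01T03:00:00 ALLOW src=192.0.2.10 dst=10.0.0.5 dport=443
"""

# Sources known to generate noisy-but-benign denies (assumed allowlist).
ALLOWLIST = {"10.0.0.9"}


def parse_event(line):
    """Turn one 'ts ACTION k=v k=v ...' line into a dict; None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    event = {"ts": ts, "action": parts[1]}
    for field in parts[2:]:
        if "=" in field:
            key, value = field.split("=", 1)
            event[key] = value
    return event


def correlate_sweeps(events, window=timedelta(seconds=60), min_ports=5):
    """Collapse raw DENY events into one 'port_sweep' incident per source that
    is denied on >= min_ports distinct ports inside a sliding time window."""
    incidents = {}                     # src -> one incident, grown as seen
    recent = defaultdict(deque)        # src -> (ts, dport) pairs inside window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] != "DENY" or "src" not in ev or "dport" not in ev:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()                # expire events outside the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            inc = incidents.setdefault(
                ev["src"], {"rule": "port_sweep", "src": ev["src"], "ports": set()})
            inc["ports"] |= ports
            inc["last_seen"] = ev["ts"]
    for inc in incidents.values():
        inc["ports"] = sorted(inc["ports"], key=int)
    return list(incidents.values())


def triage(alerts, allowlist=ALLOWLIST):
    """Drop incidents from allowlisted sources so analysts see only real ones."""
    return [a for a in alerts if a["src"] not in allowlist]


def run(log_text=SAMPLE_LOGS):
    """Parse -> correlate -> triage; return counts so the reduction is visible."""
    events = [e for e in (parse_event(line) for line in log_text.splitlines()) if e]
    raw_alerts = correlate_sweeps(events)
    real_alerts = triage(raw_alerts)
    return {"raw_events": len(events), "correlated": len(raw_alerts),
            "after_triage": len(real_alerts), "alerts": real_alerts}


if __name__ == "__main__":
    summary = run()
    print(f"{summary['raw_events']} raw events -> {summary['correlated']} "
          f"correlated incidents -> {summary['after_triage']} after triage")
    for a in summary["alerts"]:
        print(a["rule"], a["src"], "ports", a["ports"])
```

Note what the constructed input exercises: the three identical denies from 198.51.100.4 never become an incident because they show no port diversity, the scanner's sweep is correlated but suppressed by the allowlist, and the 15 raw events end up as a single alert. In a real deployment the allowlist and thresholds would be tuned per environment, and suppressed incidents should still be retained for the forensic reporting discussed later in the article.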
Emergency Response
Emergency response becomes difficult if an enterprise is managing its security in-house. The security team is either not available or does not have adequate tools, processes, and policies to respond to an attack. MSSPs operate on Standard Operating Procedures that ensure near real-time response to all security incidents.
Reporting and Documenting Events
In-house reporting tools provide limited or no visibility into the security infrastructure. Either the organization tends to ignore the reporting aspect completely or it delegates it to less-qualified staff. Reporting is extremely crucial for forensics and also for analyzing the type of event and the method to counter it. MSSPs provide real-time visibility into the security infrastructure, letting a CIO know the status of his network at any point in time.
Upgrades and Patches
Security vendors release new patches on a regular basis. The high frequency of patch releases and the multiplicity of security products make it difficult for an organization to apply these patches in a timely manner.
Trained and Dedicated Professionals
Certified security professionals at an MSSP undergo extensive security training and rigorous background checks prior to managing or monitoring an organization's equipment.
Guaranteed Responsiveness
An MSSP begins escalation the moment a problem is detected and the source
is identified. Aggressive Service Level Agreements (SLAs) ensure that an
organization will be notified immediately.
Enhanced Internet Security
This is critical if governments and businesses are to move high-value transactions and sensitive information online. For many organizations, a managed security service represents the most effective approach to deploying enhanced Internet security.
Ten Commandments of Network Security
The following are essential for your information security program to be effective:
- Make sure the CXO "owns" the information security program and assign senior-level staff with responsibility for information security.
- Establish a cross-functional information security governance board.
- Establish metrics to manage the program.
- Implement an ongoing security improvement plan.
- Conduct an independent review of the information security program by conducting regular surveillance audits.
- Implement suitable security technologies; for example, layer security at gateway, server, and client.
- Separate your computing environment into "zones".
- Start with the basics and then improve the program.
- Consider information security an essential investment for your business.
- Conduct regular security awareness programs for the staff.
A Tough Job For The Network Managers
A CIO has a tough task. He has to ensure the security of the network, but
also work within a specified budget. He is under pressure to optimize the return
on investment on one hand, while having to serve the latest upgrades on the
other. He has to plan his security policy and architecture keeping long-term
goals in mind and also deal with multiple vendors in a fast-changing technology
environment.
Enterprises do not receive threats from only one source. Sample this: about 26 to 32% of data loss is due to human error such as accidental deletion and lost passwords; about 44 to 56% is due to hardware problems or malfunctions; and 2 to 3% is due to natural disasters, including power surges.
Enterprises thus face threats from their employees, from their network and applications, and from natural disasters. Hence, CIOs face the challenge of deciding where exactly they should start implementing security. They have to consider all three factors while implementing any kind of security policy.
The advice to the CIO is to adopt the best practices in the industry. However, he should also keep his own requirements in mind. Adopting the best of breed might not always be successful. Security solutions should be custom-built and very specific to each business' needs and infrastructure. The key challenge for any CIO is to formulate the overall security strategy. While doing this he has to assess his current requirements with an eye on future growth and also identify the critical areas to be addressed. Preparing a road map that takes escalations and scalability into account is a good way to start.
The Evolution of Mobile Viruses
Viruses affecting mobile phones are a relatively new phenomenon. One of the first significant attacks involving mobile phones occurred in June 2000 and focused on a specific mobile operator. The first viruses to attack handheld devices also appeared in 2000. Viruses such as Liberty, Phage, and Vapor affected devices using the Palm OS, which has not been subject to further virus attacks since. However, malware affecting devices using other operating systems has appeared since that time.
NTT DoCoMo malware attack: During August 2001, Japanese users of NTT DoCoMo's i-mode found that their phones started to dial 110, the Japanese equivalent of 911 emergency assistance, if they answered 'yes' to a certain question during an online quiz about love. Japanese police switchboards were swamped with bogus calls, which prevented the authorities from responding to true emergencies. NTT DoCoMo has since corrected the vulnerability exploited by the attack.
Symbian Viruses: Beginning in 2004 and continuing in 2005, viruses affecting Symbian OS and the Microsoft Windows Mobile OS have increased significantly. Symbian OS in particular has suffered from virus outbreaks affecting devices using Symbian OS 7.0s with the Series 60 platform user interface, the software used in most Nokia smartphones. The Cabir attack, which occurred in June 2004, was followed by a steady stream of variants and permutations including Qdial, Skulls, Velasco, Locknut, and Dampig.
Cabir and its offspring represent proof-of-concept malware that propagated effectively but caused little damage. These initial viruses represent the hacker community experimenting with a new technology. Cabir used Bluetooth wireless connectivity to transmit itself; Bluetooth transmissions are limited to 10 meters in distance. The infected device would search for other Bluetooth devices in discoverable mode, and the user of the target device would then have to click through four dialog boxes for the mobile device to actually become infected.
Although the Cabir virus did not propagate to any significant degree, the increasing frequency of its variants demonstrates that virus writers are becoming better at writing viruses for mobile devices. Subsequent malware such as Comwar and Mabir used more effective methods, particularly MMS.
Smart phones and mobile messaging malware: The built-in messaging capabilities of smart phones make them a natural target for messaging worms. A virus can leverage the phone's integrated messaging capability to propagate to other phones. This malicious code can use the phone's address book to find new targets. For example, devices infected with the Mabir virus, which affects Symbian OS 7.0 with the Series 60 platform user interface, will attempt to infect other devices supporting MMS by responding to received SMS or MMS messages and sending a copy of the virus by MMS. This interrupts user productivity, drains the battery, can increase MMS charges, and has the potential to damage a user's reputation among friends and business colleagues. Although such threats are not yet common, protecting phones from mobile messages with malicious payloads, also known as mobile messaging malware, is an essential component of any antivirus solution.
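The propagation pattern described for Mabir above, answering every inbound SMS or MMS with an attachment-bearing MMS within seconds, is something an operator's messaging gateway can spot from traffic records alone, without a signature for the particular worm. The following Python script is an added example of that behavioural check and is not from the article or any operator's or vendor's code: it scores each subscriber in a constructed set of gateway records by how many inbound messages received an outbound reply with an attachment inside a short window, and flags the subscriber when the count and the reply ratio both pass thresholds. The record layout, the 10-second window, the thresholds, and the phone numbers (555-range, constructed) are all assumptions made for the example.

```python
"""Heuristic detection of messaging-worm auto-reply behaviour in gateway records.

Added example, not from the original article and not any vendor's product code.
Record layout, thresholds and subscriber numbers are assumptions for the demo.
"""
from datetime import datetime, timedelta

# Constructed gateway records: (direction, timestamp, subscriber, peer,
# has_attachment). Subscriber +15550001 answers every inbound message within
# seconds with an attachment; +15550002 behaves like a normal user.
SAMPLE_RECORDS = [
    ("IN",  "2005-04-01T09:00:00", "+15550001", "+15550100", False),
    ("OUT", "2005-04-01T09:00:04", "+15550001", "+15550100", True),
    ("IN",  "2005-04-01T09:01:10", "+15550001", "+15550101", False),
    ("OUT", "2005-04-01T09:01:13", "+15550001", "+15550101", True),
    ("IN",  "2005-04-01T09:02:30", "+15550001", "+15550102", False),
    ("OUT", "2005-04-01T09:02:33", "+15550001", "+15550102", True),
    ("IN",  "2005-04-01T09:03:00", "+15550001", "+15550103", False),
    ("OUT", "2005-04-01T09:03:02", "+15550001", "+15550103", True),
    ("IN",  "2005-04-01T09:00:00", "+15550002", "+15550200", False),
    ("OUT", "2005-04-01T09:07:00", "+15550002", "+15550200", False),
    ("IN",  "2005-04-01T09:10:00", "+15550002", "+15550201", True),
]


def parse_records(raw):
    """Convert the tuple records into dicts with real datetime objects."""
    return [{"dir": d, "ts": datetime.fromisoformat(ts), "sub": sub,
             "peer": peer, "attach": attach} for d, ts, sub, peer, attach in raw]


def score_subscriber(records, subscriber, reply_within=timedelta(seconds=10),
                     min_auto_replies=3, min_ratio=0.75):
    """Count inbound messages to `subscriber` that were answered with an
    attachment-bearing outbound message to the same peer within `reply_within`.
    A worm replies to nearly everything, fast, and always with a payload."""
    mine = [r for r in records if r["sub"] == subscriber]
    inbound = [r for r in mine if r["dir"] == "IN"]
    outbound = [r for r in mine if r["dir"] == "OUT" and r["attach"]]
    auto_replies = 0
    for msg in inbound:
        if any(o["peer"] == msg["peer"]
               and timedelta(0) <= o["ts"] - msg["ts"] <= reply_within
               for o in outbound):
            auto_replies += 1
    ratio = auto_replies / len(inbound) if inbound else 0.0
    flagged = auto_replies >= min_auto_replies and ratio >= min_ratio
    return {"inbound": len(inbound), "auto_replies": auto_replies,
            "reply_ratio": round(ratio, 2), "flagged": flagged}


def find_suspect_subscribers(raw=SAMPLE_RECORDS, **thresholds):
    """Score every subscriber seen in the records; returns {subscriber: score}."""
    records = parse_records(raw)
    subscribers = sorted({r["sub"] for r in records})
    return {s: score_subscriber(records, s, **thresholds) for s in subscribers}


if __name__ == "__main__":
    for sub, score in find_suspect_subscribers().items():
        status = "SUSPECT" if score["flagged"] else "ok"
        print(f"{sub}: {status} ({score['auto_replies']}/{score['inbound']} "
              f"fast attachment replies)")
```

The ratio threshold matters as much as the count: a busy but healthy subscriber can send many attachments, but not as an instant reply to nearly every message received. On real gateway data the window and thresholds would be calibrated against normal reply latencies, and a flagged subscriber would be rate-limited or notified rather than cut off outright.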
Security Trends
'The bad guys are making money': this is the trend. It is a really dangerous trend that has been going on for three years now, and since they are making money, there is an incentive for them to continue. They also have more resources to come up with even nastier threats. There has been a gradual change in the attitude of customers, who had been going in for multiple products for specialized purposes: organizations are now going in for Unified Threat Management technologies, by which a single device performs the roles of firewall, anti-virus and IDS equipment. CIOs are increasingly going in for Information Security Management Systems, which give them a 360-degree view of information systems and data and include measures to mitigate all forms of threats.
Many organizations are focusing on network security, but the trend is going to change as organizations have started giving priority to securing their databases. According to Noel Yuhanna, Senior Analyst at Forrester, "Database security will continue to gain importance across the industry, especially for those storing private data, primarily driven by increased intrusions and growing regulatory requirements." Add to this the increasing compliance requirements, which raise the importance of implementing effective security standards.
Gyan Ranjan Swain
gyanas@cybermedia.co.in