Skip to main content

Managed Security with a Strategic Twist


Managed services provider Verizon Business has added an interesting twist to its security toolbox. Traditionally, managed security services are tactical: they monitor a network for potential attacks, using virus signatures and other definitions.

Earlier this month, Verizon upgraded its customers' security capabilities with what it calls its "Risk-Correlation Service," designed to add strategic insight to security.

The RCS works with vulnerability scans -- either those it does for customers or those from vendors such as McAfee, Qualys, and others -- to determine where potential vulnerabilities exist. The service also documents your system to create a map of devices and the business processes that run on them. "It marries threat information with vulnerability information," says Jonathan Nguyen-Duy, Director of Product Management for Verizon.

Calculating Risks
The result is a Web-based scorecard that shows Verizon customers not only where potential problems exist, but rank the level of relative importance of those devices. "We can tell you the likelihood of an event on a particular device, but also the business process associated with that device," says Nguyen-Duy. "Using the information from the vulnerability scan, we can tell you about the impact on availability. Is the device running real-time transactions, or is it a database server that might have less sensitive information?"

Strategically, companies can use the information presented in the online scorecard to get a sense of where to improve their online protection. Not all information is created equal, and not every database server requires the same level of protection.

The scorecard is designed to help companies prioritize their security budgets and their business continuity programs. "With limited resources, it's important to understand the relative risk of each vulnerability," he says.

Protection from Attacks
The online scorecard also works when attacks are underway. In those instances, it helps customers work with Verizon to identify where remediation is most important. "Sometimes you have to work in real-time to figure out where attacks are happening," Nguyen-Duy says. "Your ability to respond is improved when you have better information on the threat and what business process might be affected."

Being proactive about security is like flossing your teeth; you know you should do it more often, but it doesn't always happen. Applying a methodology that combines both strategic and tactical security needs is very wise. Clearly, when it comes to security, it's easier to be reactive when you've already been proactive.

Besides, the complexity of providing comprehensive network security protection, and keeping it fully up to date, is something best left to the experts. That's why managed security is one of the most utilized managed service offerings.

Popular posts from this blog

A Boom in Managed Services - How to Prepare

New studies demonstrate the pros and cons of Business Technology deployments, especially as they relate to IT investment strategies. First, the downside: in a recent study of IT management excellence, the results showed the continuing disconnect between finance and IT roles, and the value each one brings to the organization. As the report states: "The lack of alignment within organizations is exacerbated by a lack of awareness on the part of both IT and finance about their own contributions to the problem. Nearly one-quarter of the respondents report that discord between IT, business, and finance is a frequent occurrence when making IT investments." Why Clear IT Processes Matter Lack of alignment is triggering a bigger cascade of problems relating to IT investment. For instance, sometimes companies excuse their lack of IT investment due to limited budget and resources. In reality, "companies are unsure how to define or implement management processes, therefore they are u