MSSPs Making A Splash With VARs, Vendors Alike

Managed service providers (MSPs) have responded to this trend by expanding their operations to incorporate functions such as intrusion detection and vulnerability monitoring and management.

Resellers, in turn, have discovered a bold new way to earn some extra cash, and are transforming themselves from MSPs into managed security service providers (MSSPs) in droves.

"Most organizations don't understand the real cost of performing true security monitoring and the management of devices on their own," said David Sockel, president of Emagined Security, an MSSP in San Carlos, Calif. "That's where we come in."

According to experts, opportunities for solution providers to come in and set up managed security services abound and are expanding fast.

A recent report from research firm Gartner predicts the worldwide MSSP marketplace will grow to $1.2 billion in 2006 from $547.8 million in 2002.

In-Stat/MDR analysts pegged the number even higher, predicting it would reach $4.9 billion by 2006.

Traditional security vendors are taking notice. VeriSign agreed to acquire MSSP Guardent last year and recently announced a new managed security services partnership with San Jose, Calif.-based appliance vendor Secure Computing. And just last month, Andover, Mass.-based security vendor Enterasys Networks got in on the action, introducing a new MSSP program and naming security hosting firm NetSec as its first partner.

"The more closely tied in to a vendor we are, the better the security management we can do for our joint customers," said Mordecai Rosen, vice president of corporate development at Herndon, Va.-based NetSec.

There have been other big channel announcements in the MSSP space in recent weeks. Late last month, Westboro, Mass.-based intrusion-prevention vendor Top Layer unveiled a new managed security services reseller partnership with Cybercon.com, St. Louis. Through this partnership, Cybercon.com will sell Top Layer's Attack Mitigator IPS solutions and host the products out of its hosting facility in St. Louis.

Even Symantec has gotten into the game, recently launching a channel-friendly MSSP service designed to extend antivirus protection to small- and medium-size businesses.

Grant Geyer, vice president at Cupertino, Calif.-based Symantec's global managed security services group, said solution providers are "critical" to the expansion of his division, which boasts six security operations centers around the world.

On the reseller side, Cal McMurtry, senior security consultant at The Ergonomic Group, described the Garden City, N.Y.-based company's relationship with Symantec as symbiotic, adding that the MSSP option enables him to provide customers with security solutions they previously only had dreamed about.

"The benefit [of outsourcing security for most enterprises] is a manpower issue," McMurtry said. "Many firms don't like the idea of giving away control of their firewalls, but they just don't have the manpower to make sure their networks are safe. We solve that, and do it in an unobtrusive way."

Specifically, McMurtry explained that his teams scan customer intrusion-detection logs in realtime for anything that appears to be an attack.

Down the road, with the prevalence of integrated security appliances, McMurtry said he expects managed services functionality in other areas of security monitoring, too.

JENNIFER HAGENDORF FOLLETT contributed to this story.