Enterprise Systems tackles the topic of outsourcing network monitoring in “Case Study: Outsourcing Threat Detection.” Mathew Schwartz profiles Swift Energy Co.’s decision to outsource some of its security tasks to Houston-based Alert Logic, a managed service provider.
As the article points out, “The main outsourcing draw seems to be getting round-the-clock security talent companies couldn’t otherwise afford. According to [Forrester analyst Laura] Koetzle’s math, ‘assuming that a firm needs six people to provide one 24×7 full-time equivalent for security-system monitoring,’ plus ‘security operations-center equipment, bandwidth, and software,’ an [MSP] can cost a third of an in-house network monitoring program.”
The service provider adds its own monitoring appliances to the corporate network, then maintains and monitors that equipment for a monthly fee. The approach has already paid off a few times, where the provider has notified the client of the new presence of infections and “worm-like activity.”
Of course, outsourcing isn’t a panacea. As the article points out, “firms need firmly ensconced security chiefs, well-tested security policies, organizational stability, buy-in from executive through physical security, previous vendor management successes, and internal security acumen.”
