MSSPs, or managed security service providers, need solutions that deliver unique features. According to Gartner, a major information technology research and advisory company, MSSPs in the company’s Leaders Quadrant are typically appropriate options for enterprises requiring frequent interaction with the MSSP for analyst expertise and advice, portal-based correlation, workflow support and flexible reporting options.
The analyst firm also notes that as formal compliance regimes evolve, enforcement activity increases and organizations consider external service providers to reduce the costs of meeting mandates with internal resources as well as to provide coverage beyond the capabilities of existing internal resources.
According to a recent blog post, managed security services (MSS) are network security services that have been outsourced to a service provider, and a company that provides such a service is an MSSP, or managed security service provider.
The top 10 key values provided to a NetFlow-enabled MSSP are:
1) Advanced threat detection: Traditional signature-based technologies such as UTMs and IPSs cannot provide the unique perspective on network traffic that NetFlow and flow analysis techniques do. By comparing IP addresses to host reputation databases, the MSSP can detect botnets that could be part of a larger Advanced Persistent Threat (APT) underway against the customer’s environment.
2) Visibility: NetFlow provides end-to-end visibility of the customer’s environment from network edge to access. Hop by hop and router to router network path visibility of a flow provides the MSSP with the ability to troubleshoot issues with an IPS, firewall, or other network access control.
3) Scalable auditing: Hundreds of thousands of log events are generated by large customers. High speed NetFlow collection technology can offset the need for cumbersome syslog and SNMP-based logging strategies. Some SIEM and log management solutions accept NetFlow; however, MSSPs would be selling themselves short with check-box NetFlow solutions.
4) Rapid access to incident details and forensics: Faster ways to identify the malware culprit are always needed. How did the problem begin? The ingress connection of a particular host needs to be found. NetFlow’s 24x7x365 visibility into all network activity solves the problem of “what was going on at the time of the attack.”
5) Flexible reporting: Advanced NetFlow collection technology provides detailed reports on hosts, critical networks, incidents, and attackers.
6) Multi-tenancy: NetFlow reporting augments the level of detail the MSSP can provide to its customer base, provided the NetFlow collector supports multi-tenancy. Secure login per customer with reports of each customer’s network is critical.
7) Service responsiveness and connection uptime information: Through integration with technologies such as Cisco’s MediaNet, NetFlow provides this information to the MSSP’s cloud-based service portal, including end user experience, round trip time, and connection times to a resource compared to other customers, in addition to other information.
8) Rapid deployment: As customers grow through new additions of data centers and acquisitions, the MSSP needs to gain rapid visibility into the new additions. NetFlow-based monitoring requires no additional hardware to do this as it is already in the network. All the customer needs to do is turn it on.
9) Efficient firewall log collection: The firewall industry is slowly migrating syslog to NetFlow and IPFIX.
10) Perfect for a cloud-based MSSP: NetFlow and IPFIX can be transported easily anywhere, including across WANs and through VPNs, from the customer’s routers directly to the MSSP. Unlike traditional packet capture technologies, where the MSSP is required to log into a device located at the customer premises, here flows travel unidirectionally and can be easily accessed locally at the MSSP.
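Items 1 and 4 describe matching flow endpoints against host reputation data and finding the connection where an incident began. The Python sketch below is an added example, not code from the original article or from any NetFlow product; the reputation feed, customer address range and flow records are constructed (RFC 5737 documentation addresses), and the CSV layout is an assumed format for flows already decoded by a collector.

```python
import csv, io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed reputation feed (documentation ranges, not real indicators).
REPUTATION = {
    ip_network("203.0.113.0/28"): "botnet-c2",
    ip_network("198.51.100.77/32"): "scanner",
}
# Constructed customer address space: tells us which endpoint is the customer's host.
CUSTOMER_NETS = [ip_network("10.20.0.0/16")]

# Constructed flow export, assumed already decoded to CSV by the collector.
SAMPLE_FLOWS = """\
start,src,dst,dport,bytes
2012-09-01T02:14:07,10.20.4.15,203.0.113.9,443,1840
2012-09-01T02:10:55,203.0.113.9,10.20.4.15,445,620
2012-09-01T02:15:30,10.20.4.15,192.0.2.10,80,51200
2012-09-01T03:01:12,10.20.7.2,198.51.100.77,22,300
2012-09-01T03:05:00,10.20.4.15,203.0.113.9,443,990
"""

def reputation_tag(addr):
    """Return the feed category for addr, or None if it is not listed."""
    ip = ip_address(addr)
    return next((tag for net, tag in REPUTATION.items() if ip in net), None)

def is_customer(addr):
    ip = ip_address(addr)
    return any(ip in net for net in CUSTOMER_NETS)

def flag_hosts(flow_csv):
    """Group flows that touch a listed address by (customer host, peer, category).

    Each entry keeps the earliest flow time, whether the listed peer initiated
    that first flow (the ingress question in item 4), flow count and bytes."""
    hits = defaultdict(lambda: {"first_seen": None, "inbound_first": None, "flows": 0, "bytes": 0})
    rows = sorted(csv.DictReader(io.StringIO(flow_csv)), key=lambda r: r["start"])
    for row in rows:  # ISO 8601 timestamps sort chronologically as strings
        for peer, host, inbound in ((row["src"], row["dst"], True), (row["dst"], row["src"], False)):
            tag = reputation_tag(peer)
            if tag and is_customer(host):
                h = hits[(host, peer, tag)]
                if h["first_seen"] is None:
                    h["first_seen"], h["inbound_first"] = row["start"], inbound
                h["flows"] += 1
                h["bytes"] += int(row["bytes"])
    return dict(hits)
```

In a multi-tenant collector, `CUSTOMER_NETS` would be selected per customer so that each tenant's report only covers its own address space.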
Network flow collection is a valuable asset. As the network grows deeper, the improved level of visibility offered by NetFlow and IPFIX can definitely improve the quality of your service offering.
Edited by Jamie Epstein