|
Counterpane Expands Managed Security Offering
Published: October 18, 2006
by Alex Woodie
Counterpane Internet Security, a provider of outsourced security monitoring services, has expanded the range of servers and applications it helps protect in the data center. The addition of support for IBM System z mainframe, Oracle and Microsoft databases, and SAP ERP systems gives Counterpane a greater capability to detect and deter security threats from inside and outside of its customers' organizations.
Counterpane helps IT organizations get a better handle on their security by taking over the grunt work of monitoring network connections and poring through the security logs of critical servers, network devices, and applications to make sure no unauthorized activity is occurring. If the company's security analysts--who monitor evolving security threats and customers' networks 24/7 from three command centers in North America and Europe--detect that something has gone awry, they will alert the customer with a phone call, or send them an e-mail if it is not a critical situation. Counterpane also provides reports showing that a company's data is kept under watch.
Not every company is a candidate for outsourcing such a big and important element of their company's security, says Toby Weir-Jones, director of product management for the Mountain View, California, company. But the companies that do elect the third-party approach find real benefits. "The general profile of one of our customers is a company that's already tried to build an all-encompassing security monitoring program in-house, or they have come from a prior outsourcer," he says. "The mid size or larger customers usually have a security team, but what they don't have are 24/7 staffers to stay on top of all shifts and personnel, and that becomes an expensive proposition."
Companies that have hang-ups about outsourcing security do not make good Counterpane customers. "They need to get over that psychologically before we can have a discussion," Weir-Jones says. "It may be better [in some ways] to keep it in-house, but it tends to be more expensive to do so."
A common misconception about managed security offerings such as Counterpane's is that it exposes customers' data. "What we emphasize repeatedly is we're not scrutinizing the data content. We may be looking at the user name and the IP addresses, but we're not looking at the content itself," Weir-Jones says." This fact is very important to Countepane's customers who deal with credit card holders, because there are some very strict rules about data disclosure.
The new support for SAP applications, RACF mainframe security, and the Oracle and Microsoft databases pretty much follow the same pattern. Counterpane needs access to the products' logs so it can create a baseline level of user and application activity. It then monitors these logs on a continual basis, and notifies the customer of activity that falls outside the normal range.
Counterpane has also done work with Oracle's PeopleSoft Enterprise ERP suite, and is working with some of the large identity management and user provisioning software suites to gain access to those logs, Weir-Jones says.
Currently, the company monitors 550 networks in 38 countries. According to company statistics compiled from calendar year 2005, Counterpane received 120 billion messages, processed about 5.4 billion alerts, analyzed more than 900,000 tickets, and contacted customers more than 38,000 times, including about 1,600 phone calls. By comparison, in 2003, the company sent out only 21,000 notifications.
"We just completed our best quarter ever," says Weir-Jones, adding that the private company is profitable. "We're doing well and growing at a measured pace."
Customers pay Counterpane a monthly fee to monitor their devices, databases, servers, and applications. Customers can expect to pay somewhere in the neighborhood of $500 to $1,500 per device per month for this service. For more information, visit www.counterpane.com.
|
