Research firm RSS Labs is working on tweaks to its new Cyber Advanced Warning System tool that will give MSPs and managed security service providers the power to find weaknesses in security tools. Here are the details.

March 18, 2015

3 Min Read
Bob Walder founder and CTO NSS Labs
Bob Walder, founder and CTO, NSS Labs

By Ericka Chickowski 1

Managed security service providers (MSSPs) and MSPs seeking to evaluate and optimize security infrastructure on behalf of their clients may get a leg up on the process through a new tool released last week by research firm NSS Labs, which is currently in the process of optimizing it for the service provider community.

Known best for its industry reports benchmarking security vendor products in categories like intrusion prevention systems (IPS) and next-generation firewalls (NGFW), NSS Labs branched out with what it is calling its Cyber Advanced Warning System (CAWS).

It was built based on what was initially an internal tool used by NSS Labs to help scale the creation of customized reports on weaknesses within specific customer security infrastructures. The intention is for it to take into account not only the particular combinations of security tools and technology within a given environment, but also updated exploit techniques used in current attack campaigns.

While initially offered for enterprise customers, NSS believes service providers have similar needs for keeping security vendor partners accountable on behalf of their clients.

“The MSSPs face the same challenges enterprises do, which is figuring out which device is going to  provide me the best protection against the exploits the bad guys are running this week,” says Bob Walder, founder and CTO of NSS Labs. “This is going to allow them to provide much more concrete and actionable advice to their  clients and their customers and make sure tehy have the right product installed.”

How IT service providers will use CAWS

Walder says that he sees two different use cases for service providers interested in using CAWS. The first, which he says is viable ‘from day one,’ is for providers to use CAWS on a consultative basis to help determine the best devices for a given environment. This would work well for those providers primarily managing on-prem systems and which work with a wide range of security vendor partners to deliver security services within customer environments. Meantime, the second scenario is one for which NSS still needs to do work to make possible.

“The other way they could use it is to manage the CAWS service on behalf of their clients,” he says, emphasizing it would be a value-add as a part of the MSSP’s internally scaled  and multi-tenanted management layer, allowing for real-time analysis of security effectiveness rather than point-in-time consultation. This would take advantages of CAWS power to offer up policy changes and other configuration tweaks to account for head of current attack techniques. “So they actually act as a provider of CAWS to their clients. We have had some interest in it, but it wasn’t designed that way  out of the door

Release timeline

According to NSS Labs senior director of product line management, James Collinge, CAWS should be available for use in this manner by the end of the year.

“The nice thing about the product is that the foundation and the base  architecture  lends itself well to separation of duty and multiple customers accessing the system,” he says.  “What we need to do next is to put in the access controls in place so if an MSSP wanted to provide that visualization just to a single customer without bleeding over into other views, they could do that.  The foundation is there, it’s just a matter of getting that done.”

Read more about:

AgentsMSPsVARs/SIs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like