NSS Labs Tool May Help Service Providers Keep Security Vendors Accountable

Research firm RSS Labs is working on tweaks to its new Cyber Advanced Warning System tool that will give MSPs and managed security service providers the power to find weaknesses in security tools. Here are the details.

Managed security service providers (MSSPs) and MSPs seeking to evaluate and optimize security infrastructure on behalf of their clients may get a leg up on the process through a new tool released last week by research firm NSS Labs, which is currently in the process of optimizing it for the service provider community.

Known best for its industry reports benchmarking security vendor products in categories like intrusion prevention systems (IPS) and next-generation firewalls (NGFW), NSS Labs branched out with what it is calling its Cyber Advanced Warning System (CAWS).

It was built based on what was initially an internal tool used by NSS Labs to help scale the creation of customized reports on weaknesses within specific customer security infrastructures. The intention is for it to take into account not only the particular combinations of security tools and technology within a given environment, but also updated exploit techniques used in current attack campaigns.

While initially offered for enterprise customers, NSS believes service providers have similar needs for keeping security vendor partners accountable on behalf of their clients.

“The MSSPs face the same challenges enterprises do, which is figuring out which device is going to provide me the best protection against the exploits the bad guys are running this week,” says Bob Walder, founder and CTO of NSS Labs. “This is going to allow them to provide much more concrete and actionable advice to their clients and their customers and make sure tehy have the right product installed.”

How IT service providers will use CAWS

Walder says that he sees two different use cases for service providers interested in using CAWS. The first, which he says is viable ‘from day one,’ is for providers to use CAWS on a consultative basis to help determine the best devices for a given environment. This would work well for those providers primarily managing on-prem systems and which work with a wide range of security vendor partners to deliver security services within customer environments. Meantime, the second scenario is one for which NSS still needs to do work to make possible.

“The other way they could use it is to manage the CAWS service on behalf of their clients,” he says, emphasizing it would be a value-add as a part of the MSSP’s internally scaled and multi-tenanted management layer, allowing for real-time analysis of security effectiveness rather than point-in-time consultation. This would take advantages of CAWS power to offer up policy changes and other configuration tweaks to account for head of current attack techniques. “So they actually act as a provider of CAWS to their clients. We have had some interest in it, but it wasn’t designed that way out of the door

Release timeline

According to NSS Labs senior director of product line management, James Collinge, CAWS should be available for use in this manner by the end of the year.

“The nice thing about the product is that the foundation and the base architecture lends itself well to separation of duty and multiple customers accessing the system,” he says. “What we need to do next is to put in the access controls in place so if an MSSP wanted to provide that visualization just to a single customer without bleeding over into other views, they could do that. The foundation is there, it’s just a matter of getting that done.”