
CHAPTER-1

1. INTRODUCTION

1.1 GENERAL INTRODUCTION:


An Information Asset is a definable piece of information, stored in any manner, which is recognized as 'valuable' to the organization. The information which comprises an Information Asset may be little more than a prospect name and address file, or it may be the plans for the release of the latest in a range of products to compete with competitors.

Furthermore there are broader types of information that have safeguarding needs. These include less tangible values such as reputation and public perception of competence, effectiveness and efficiency that may be adversely affected by security failures. These intangible assets may be lost as a consequence of a security failure affecting tangible information assets.

Information can be in any form. It may be printed or written, stored electronically, transmitted by post or electronically, shown on films, spoken in conversation or exist as perceptions. It therefore includes: Documents and papers; Electronic data; The Systems (software, hardware and networks) on which the information is stored, processed or communicated; Intellectual information (knowledge or perceptions) acquired by individuals; and Physical items from which information regarding design, components or use could be derived.

The emergence of complex and closely interconnected business-to-business relationships has made the security perimeter around a single firm's network disappear. It is being replaced by a network of protected business relationships. The major challenge in such environments becomes the identification of legitimate partners and potential intruders in order to protect computing resources and business data from unauthorized access.

Enabling, but complex to manage, technologies such as web services further complicate the provision of security to enterprise resources. Originally web services were envisioned as a lightweight solution to allow different applications to talk freely; however, it is becoming apparent that for web services to be successful, security issues need to be addressed.

To make matters more complicated, many more technologies now make information transfer in and out of a company almost uncontrollable. Storage area networks, peer-to-peer communications and instant messaging provide broad opportunities for information transfer and significantly complicate the determination of the security perimeter. Further, many such technologies are used in telecommuting and telework, which are projected to grow continuously as more enabling and collaborative technologies evolve. For example, Starner (2003) reported that more than 80% of executives worldwide expect some of their workers to telecommute over the next two years.

Therefore, firms increasingly find that they are unable to manage the security of their resources themselves. This has led to one of the most interesting emergent phenomena: the spillover of outsourcing into the area of information security. While counterintuitive, in 2002, 3 - 29% of all European enterprises intended to use managed security services. Outsourcing of security services is an interesting but perplexing phenomenon because firms are often ready to hand over the security of their precious digital assets to outsiders.

Estimates report the current number of companies obtaining security from outside providers to be up to 30% and growing. A compound annual growth rate in the market of Managed Security Services Providers (MSSP) is estimated to be at least 17-20%. The entire market is expected to grow from $1.7 billion in 2007 to 3.2-3.7 billion in 20115-12. In addition, there is significant consolidation in the MSSP market with the number of providers getting smaller while increasing their range of services.

The cost/benefit tradeoffs for MSSP arrangements are still not well understood. The risks of working with an MSSP include issues of trust, dependence on an outside entity for support of critical functions, and ownership of systems (Allen et al., 2003). However, as Allen and Gabbard (2003) point out, there are multiple benefits that individual firms can derive by using MSSPs:

Cost savings: the cost of a managed security service is usually lower than hiring in-house full-time experts. MSSPs are able to spread their investment in infrastructure and people across several clients.

Staffing: a shortage of qualified security personnel puts big pressure on companies to recruit, train and retain their security staff.

Skills and security awareness: MSSPs have better insight into evolving security threats, directly and indirectly, because of their focus and wider install base. MSSPs can provide objectivity, independence, liability protection, dedicated facilities, and round-the-clock service.

While current MSSPs focus on their relationships with government entities and large companies, the benefits of managed security services are also appealing for small and medium-sized companies due to the relative amount of resources that they have to commit to security operations. Thus, the MSSP service offering is attractive to a wide range of organizations, and the study of MSSP markets has real practical value.

In this report I explore the structure of the MSSP market as well as its formation process and stability. We primarily try to identify whether there are indeed economic benefits for firms to hire external entities to manage their security. I observed the economic incentives that lead to particular choices in security outsourcing.

For example, the service provider will show that it may be beneficial for firms to join larger groups (MSSP networks) just to hide themselves from potential attacks among other targets. We compare two different types of ownership structures for MSSPs:

A consortium-based approach, where several companies join hands to pool their resources to collectively provide security for their computing resources; and

A for-profit approach, where an MSSP is a for-profit provider that manages security for a group of firms.

Another related issue concerns the form of ownership of a MSSP network. Given the B2B relationships that companies have with each other it would seem that a consortium based approach may be appealing. However, we show that firms may have better incentives for joining a for-profit MSSP, especially initially when network size is small. We also identify conditions under which profit-oriented proprietary MSSPs may have larger size than consortium operated MSSPs.

1.2 INDUSTRY PROFILE:


India's business, data and knowledge process outsourcing industries have been growing significantly in the last few years. However, various incidents of data theft and misuse of private and personal information have raised concerns about outsourcing to India. Unlike the US or the European Union, India does not have a data protection law. In the absence of specific legislation, data protection in India is achieved through the enforcement of privacy and property rights. Privacy rights are enforced under the Indian Constitution (Constitution) and the Information Technology Act, 2000, whereas the Indian Contract Act, 1872, the Copyright Act, 1957, and the Indian Penal Code, 1860, protect property rights.

Data Protection and Privacy Rights

An individual's right to privacy has evolved out of Article 21 of the Constitution and other constitutional provisions protecting fundamental rights. Article 21 of the Constitution provides that no person shall be deprived of life or personal liberty except according to the procedure established by law. The Supreme Court of India has held in a number of cases that the right to privacy is implicit in the right to life and personal liberty guaranteed to Indian citizens. However, constitutional rights can normally be claimed only against the State or State-owned enterprises and not against private individuals or establishments.

The Information Technology Act, 2000 (IT Act) penalizes cyber contraventions (section 43(a) to (h)) and cyber offences (sections 65-74). The former category includes gaining unauthorized access and downloading or extracting data stored in computer systems or networks. Such actions may result in civil prosecution. The latter category covers serious offences like tampering with computer source code, hacking with an intent to cause damage, and breach of confidentiality and privacy, all of which attract criminal prosecution. The IT Act also prescribes penalties for hacking, which is tampering with a computer's source code, and any breach of confidentiality and privacy obligations by a person having powers under the IT Act.

Data Protection and Property Rights

Article 300A of the Constitution ensures the right not to be deprived of property except by authority of the law. However, this right can be claimed only against the State and not against private individuals or employees. Further, the data in question has to be regarded as property. The Copyright Act, 1957 (Copyright Act) protects Intellectual Property rights in literary, dramatic, musical, artistic and cinematographic works. The term "literary work" includes computer databases as well. Therefore, copying a computer database, or copying and distributing a database, amounts to infringement of copyright for which civil and criminal remedies can be initiated. However, it is difficult to differentiate between data protection and database protection under the Copyright Act. Data protection is aimed at protecting the informational privacy of individuals, while database protection has an entirely different function, namely, to protect the creativity and investment put into the compilation, verification and presentation of databases.

1.3 COMPANY PROFILE:


Cycops, an information security company based out of Hyderabad, India, was founded in 2008 with the aim of bringing together a team of highly skilled, technically focused, and uncompromising security professionals. CyCops Security is a specialist information security company, with niche technical skills allowing us to deliver high quality penetration testing and other information security related services to our customers. Cycops training Institute is the most trusted source for high quality information security training. We have been training Information Security and IT Professionals since 2004 with a diverse lineup of relevant training courses. In the past 5 years, over 500 individuals have trusted CyCops trainees for their professional development needs!

CYCOPS was founded by industry professionals with a vision of delivering effective managed security services and solutions to organizations of all sizes. CYCOPS has since gone on to provide its business-oriented security offerings to a steadily growing list of clients. CYCOPS provides professional security services using established information security standards to both private and public sectors. We are an Information security solutions partner to business and government. CYCOPS' broad range of strategic solutions, services, and expertise can help you improve infrastructure and application performance, secure your data wherever it is, create a collaborative environment, and connect with your customers, partners, suppliers, and employees when and where you need to.

CYCOPS provides information security solutions to customers in a wide variety of industries including manufacturing, healthcare, banking, environmental response, consumer products and technology offering a three-tiered solution that combines managing, monitoring and maintaining network security. CYCOPS has been providing services and solutions to Data Centers, Telecommunication sectors and Internet Service Provider markets. CYCOPS provides turnkey independent and managed solutions, focusing on information technology and security, including compliance with ISO 27001, HIPAA, BS7799, COBIT and PCI DSS. CYCOPS has partnered with various companies across the world to enable complete 24/7 monitoring of systems such as firewalls, intrusion detection/prevention, and VPN solutions, as well as staffing knowledgeable people.

CYCOPS provides security solutions to customers in a wide variety of industries including manufacturing, healthcare, banking, environmental response, consumer products and technology offering a three-tiered solution that combines managing, monitoring and maintaining network security. With a serious commitment to the individual customer relationship, we specialize in configuring and monitoring each system to meet the specific security needs of each customer.

CYCOPS strives to foster long-term relationships in partnership with client organizations in order to effectively develop unique security solutions based on specific business and operational requirements. They assist or advise our clients on continuous identification, correction, maintenance and management of mission-critical security systems and data protection. Through this process our clients consistently benefit from our expert knowledge and skills.

CYCOPS continuously remains abreast of developments in the IT industry, evaluating new products for suitability in our clients' businesses and recommending upgrades to our software suppliers. They also focus on improving our value-added services to clients, either by expanding existing services or introducing new ones, in response to market needs and client requirements. CYCOPS staff skills range from programming to in-depth knowledge of large corporate networks, firewalling and security on all operating system platforms. A pro-active skills development program ensures that staff receive extensive training so that their knowledge and technical expertise remain current.

1.4 VISION & MISSION:

MISSION: To be a premier Information security Research and Development center and to excel in the development of India as a secured nation.

VISION: To lead and inspire, through excellence in training and research, the education and development of a Secured Nation.

1.5 COMPANY ASSOCIATES:


KRISHNA CHAITANYA: Prime Consultant focusing on information security, located in Hyderabad. He has 5+ years of professional experience working as a security system architect, security engineer, consultant, and as a Senior Manager, Technology Services Group. He has worked with clients to build complete security architectures that include policies, standards, strategies, design architectures and procedures that enable them to control security and performance on their systems. He has also performed vulnerability assessments of client systems for security. He has assisted companies in preparing for audits of their information security systems and methods. He specializes in penetration testing methodology. He has established himself as an industry professional by delivering presentations on information security at such prestigious industry conferences as TechTatva, Manipal Institute of Technology (M.I.T), a national level technical fest, and GMR's National workshop on Information Security. He has been interviewed by television media on topics such as Bypassing Firewall and the Valentine's Day virus as a part of general security awareness. He has had his writings published on security portals like Data stronghold & Economic Times.

G. LAKSHMIKANTH REDDY: He is an expert in computer forensics, web application security, shell coding etc. He has been performing pentests for many organizations and has been training corporates and students for four years now. He has also been to Tanzania to train the Tanzanian Revenue Authority in ethical hacking and computer forensics.

G. JUSTIN: Around four years of diversified professional work and experience in Information Security, Attack and Penetration, Forensic Investigations, and Reverse Engineering, along with Wi-Fi Architecture & Security and Incident Response, with implementation experience in e-security products and networking products in multi-platform environments.

NAVEEN KUMAR SINGH: He has three years of experience in security, covering network security, pentesting, Wi-Fi security and RFID. He has also been training corporates and students on security. He has been speaking about Information security with the media and also at conferences such as the one conducted by Manipal Institute of Technology (M.I.T). He has worked on advanced concepts like WiMAX security and Mobile adaptive routing.

RAVI KUMAR CH: Ravi Kumar CH is an IT Consultant with 18+ years of industry experience. He worked with companies like HCL Hewlett Packard & Accel Frontline and served Defense, Education and Manufacturing verticals. He holds a PG Diploma in Marketing.

We combine our broad range of services, trainings and expertise to help some of the world's best organizations and governments meet the challenges of their increasingly extended enterprises. We can help you:

Improve accuracy and responsiveness.
Reduce administrative overhead and cost of maintenance.
Improve security analysis, controls, and audit capability.
Reduce downtime.
Minimize employee misuse of Internet and other resources.

Our goal is to help you set up the highest level of security for your extended enterprise. To lead and inspire, through excellence in training, services, awareness and research, towards the development of India as a SECURED NATION.

1.6 VERTICALS:
Cycops spreads its business mainly across four verticals: Training, Services, Research & Development, and Awareness.

Cycops has trained both corporate and law enforcement departments. Below are a few of Cycops' training experiences:

Trained state cops (Intelligence Department) in catching Cyber Criminals.
Trained State Cybercrime department in Crime Investigation techniques.
Trained Tanzanian Revenue Authority on Ethical Hacking & Computer Forensics Investigation.
Trained corporates like HSBC, GENPACT, GOOGLE, IBM, Kennametal, CtrlS, Adept Technologies etc.
Seminars on Information security and Ethical Hacking have been given at places like GMR's National conference, MIT (Manipal Institute of Technology) etc.
Have experience in deploying IS services at defense organizations like RCI, MCEME, Radiant Global, Inc. etc.

The following are the fields in which training is provided:

Introduction to Information Security
Penetration Testing & Ethical Hacking
OS Hardening
Forensics Investigation
Shell scripting & Programming basics
Reverse Engineering
Malware Analysis
Reversing Applications
Wireless Security
RFID
Bluetooth
Designing and Implementation of Firewalls & IDS/IPS
Log Analysis
Incident Response
Public Key Infrastructure

As a part of its services vertical, Cycops offers individual services like:

VULPEN (Vulnerability Assessment & Penetration Testing)
SACT (Security Audit & Compliance Test)
SADI (Security Architecture Design & Implementation)
Decontamination
Wi-Fi Security
COFOIN (Computer Forensics Investigation)

Another major service of Cycops is its fully managed end-to-end security solution, including design, implementation, service and project management, known as FINS (Framework on Information Security).

VULPEN:
The automated vulnerability scanning solution provided by CyCops Security helps to ensure the security of your external facing network devices by providing timely and up-to-date vulnerability scans.

SCANNING:
CyCops Security uses two of the world's leading scanning products to provide the automated scanning solution. Both of these products are network-based scanners that can detect vulnerabilities on all networked assets, including servers, network devices, peripherals and workstations. The scans include checks for thousands of security vulnerabilities and are regularly updated as new vulnerabilities are announced.

NETWORK MAPPING:
An optional network mapping component can be included in the package that will review your external network, report on which IPs are active, and detect any changes in your external facing network.

SCAN ANALYSIS:
An optional component can be included which provides analysis of the reports by a CyCops Security team member to highlight and quantify the risk of issues reported.

KEY POINTS:

Provides a higher level of security assurance than snapshot 'point in time' vulnerability scans.
Both of the backend scanning products are approved PCI scanning vendors and can be used for PCI required network scans.
Customized reports range from summary executive reports through to full technical details reports.
Scan data is kept secure at all times, and reports are delivered in a secure manner.

PENETRATION TESTING:
Penetration testing simulates an attacker attempting to gain access to a specified target server or application. A penetration test involves the use of automated testing tools as well as manual test methods to review the security from an external or internal perspective.

EXTERNAL PENETRATION TESTING:


Externally facing systems are constantly at risk of attack from the Internet. Newly developed applications and servers to be deployed should all be tested prior to making them publicly accessible to ensure the security of the network as a whole. The team at Cycops Security has years of experience in carrying out penetration tests against externally facing network devices, servers and web applications developed on all platforms, and can assure you of a high level of security after a review has been completed.

INTERNAL PENETRATION TESTING:


It is common knowledge that a large number of information security attacks occur from within. By allowing Cycops to step into the role of an employee, we are able to review the network from the inside to determine the security posture of the internal network. Usually specific targets are set, such as accounting/payroll/research systems, with the aim of gaining unauthorized access to the targets from various starting points.

REVIEW INCLUDES:
Attempted unauthorized access to applications, user data, services or internal network devices
Credential brute forcing and password guessing
Researching previously undiscovered vulnerabilities
Testing for all known web application vulnerabilities
Vulnerability assessment and network service review

"Increasing The Value of Penetration Testing" is a presentation and white paper which explains how you as a customer can gain more value from penetration testing.

SACT (SECURITY AUDIT & COMPLIANCE TEST):


Our Security Auditing Team assists in verifying that an existing Information Security policy has been implemented. For organizations that have to be audited against the ISO 27001 standards an Information Security Management System (ISMS) policy is developed. This is effectively executed after reviewing the entire network infrastructure and performing the Gap Analysis. The audit report outlines the results clearly stating the reasons for every loophole/vulnerability that has been detected.

Our Approach towards ISMS improvement

SADI (SECURITY ARCHITECTURE DESIGN & IMPLEMENTATION):


Since security is a system property it can be difficult for Enterprise Security groups to separate the disparate concerns that exist at different system layers and to understand their role in the system as a whole.


Our service on Security Architecture design and OS hardening will help you understand the process considerations needed to organize architecture and actions toward improving enterprise security. Our Security Architecture design mainly concentrates on four sectors:

Network security
Host security
Application security
Data security

DECONTAMINATION:
Businesses around the world are being squeezed by the economic downturn, and the uncertainty facing them is compounded by significant risks due to data leakage, data loss and outside attacks, all of which have increased significantly over the past year. Do you know that an Antivirus company detects an infected system every 4.5 seconds? Do you know that 80% of the loss on the internet is caused by malware (viruses, worms, Trojans, keyloggers, backdoors, rootkits etc.)? If yes, what steps are you taking to deal with this kind of problem? What are your information security strengths and weaknesses? Are you protecting your most important business assets? A Comprehensive Security Decontamination performed by CyCops Professional Services can help you evaluate your current security problems regarding malware, so that you can take the next steps to reinforce your defenses.

We at CyCops are committed to helping you make viruses and spyware history. Through a personal visit to your home, or from the convenience of your own home or office, you can speak with one of our CyCops professionals, trained in different operating systems and specializing in virus removal and prevention.

We at CyCops realize that your computer is a tool. It exists to help you get things done more efficiently and with increased productivity. But when your computer is not functioning properly due to viruses or spyware problems, it can feel more like a headache than a tool to bolster productivity. That's why we will assist you in completely removing all viruses and spyware from your computer. Afterwards, our experts will provide you with the tips and tricks you need to know about keeping your computer free from malicious programs in the future. We know that problems come in all sizes and shapes; that's why we charge by the call. With no minimum charge, there is never a problem too small, and we can assure you that our professionals will isolate your problem and help you fix it in the least possible time.

COMPUTER FORENSIC INVESTIGATION-(COFOIN):


Computer forensics refers to the detailed investigation of computers to carry out the required tasks. It involves investigating the data maintained on the computer to find out what exactly happened to the computer and who is responsible for it. The investigation process starts from the analysis of the ground situation and moves on further to the insides of the computer's operating system.

Types of Computer Crime:


Unauthorized use of computers, mainly stealing a user name and password
Accessing the victim's computer via the internet
Releasing a malicious computer program, such as a virus
Harassment and stalking in cyberspace
E-mail fraud
Theft of company documents


1.7 OBJECTIVES OF THE STUDY


Primary Objective: To find the growth of MANAGED SECURITY SERVICES in India.

Secondary Objective:

To find the importance of MSS & how it is useful to the business in the global market
To find out the benefits of managed security services
To identify the major factors influencing the managed security services
Recommendations for managed security services


1.8 SCOPE OF THE STUDY:

This study gives knowledge regarding how to secure important data. It is useful not only for officials who have a partial idea about security but also for individuals who have no idea about security. It also analyzes the major factors that influence the growth of the industry and forecasts the future of the information security industry.


CHAPTER-2


2.1 REVIEW OF LITERATURE:

SECURITY: Protection with respect to intended attacks, data spying, corruption.

SAFETY: The condition of being protected from or unlikely to cause danger, risk, or injury: "they should leave for their own safety". Protection with respect to dangerous errors of technical systems.

SECURITY GOALS:

CONFIDENTIALITY:

Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.


INTEGRITY:

In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of Consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.

AVAILABILITY:

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.

AUTHENTICITY:

In computing, e-Business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim they are.

NON-REPUDIATION:

In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. Electronic commerce uses technology such as digital signatures and encryption to establish authenticity and non-repudiation.

THREATS:

Interception: an unauthorized party gains access to service or data, e.g. conversation eavesdropping, illegal copying of data

Interruption: services or data become unavailable, unusable, destroyed, etc., e.g. data is corrupted or lost, denial of services

Modification: unauthorized tampering of data or services, e.g. changing transmitted data, altering database entries

Fabrication: generation of additional data or activity, e.g. adding entries into a password

INTRUSION PREVENTION:
With the increased complexity and sophistication of today's security threats, a firewall is not enough to keep today's networks safe. The Intrusion Prevention service constantly monitors network traffic for any potential threats to network data. Leveraging a continually updated IPS signature database, CYCOPS provides real-time, reliable protection from network and application attacks such as worms, viruses, Trojans, DoS, DDoS, SQL injections, and other blended threats without any degradation of network performance. The Intrusion Prevention service blocks known attacks that don't violate protocol standards or behavioral rules but carry malicious content. It offers proactive protection against zero day attacks and eliminates the window of vulnerability for new and emerging threats when signatures are not available.

Spam Tracker

Detecting and managing spam is a constant problem for businesses. It's a burden to employees, resulting in lost productivity and frustration. It also clogs email servers, slows network performance, and increases management costs associated with storing and maintaining unwanted email.

The Spam Tracker service automatically detects and manages spam in real-time on enduser desktops and laptops. Once the spam is identified and tagged, it can be directed to a separate email folder, saving your employees time and your business money.

Anti-Virus/Anti-Spyware

CYCOPS Anti-Virus/Spyware service provides real-time protection against worms and spyware from both inbound and outbound security threats. CYCOPS leverages a continuously updated list of anti-virus signatures to provide multi-layer defense from known viruses as well as new, unique outbreaks. We provide predictive defenses and complementary responsive techniques to stop these threats as soon as they emerge on the Internet.

CYCOPS Anti-Virus/Spyware service stops unwanted malware before it reaches a network. It minimizes network disruptions from virus and worm outbreaks and responds more effectively to fast-spreading attacks than traditional point and host security solutions. Even if an organization already has an Anti-Virus client deployed, an extra layer of security provides better protection from malicious traffic.

Firewall: A robust firewall is imperative for any business network as a first line of defense against intrusions and other threats. The CYCOPS Managed Firewall filters network traffic, allowing good traffic to pass while blocking potentially harmful traffic. This cost-effective, managed solution protects against unauthorized users, dangerous protocols and common network layer attacks without any impact on network performance.

CYCOPS Managed Firewall is available in Basic Firewall for small businesses and branch offices and Advanced Firewall configurations for medium to large businesses. If a company already has a firewall onsite, CYCOPS managed services can work in conjunction with the existing firewall and equipment, giving additional protection a firewall alone doesn't provide.


2.2 PERIOD OF STUDY:

I was employed with Cycops India (P) Ltd. from 13/06/2011 to 06/08/2011. I joined the organization as an intern and worked in the position of management trainee in the operations department. During the tenure, I worked on a Managed Security Service project headed by Mr. Krishna Chaitanya, Founder & Managing Director and Manager for the client Everyday's Option. My major responsibilities were establishing a channel of communication, setting policy, collecting requirements from the client, documentation of the Standard Operating Processes etc. I was able to contribute to the optimum and meet the expectations of the organization. The period of study is two months, from 13 June to 06 August 2011.


CHAPTER-3


3. MANAGED SECURITY SERVICES:

3.1 SUMMARY:


THE MSS MARKET IS GROWING DURING THE ECONOMIC DOWNTURN

A few years back, as companies grappled with IT outsourcing, it was safe to assume that the IT security organization was exempt because, as many chief information security officers (CISOs) told us, "We would never outsource security." Guess what? Today, one in four now outsource their email filtering, and another 12% are very interested in doing so in the next 12 months. Another 13% already outsource their vulnerability management (a treasure trove for potential hackers), and an additional 19% say they are very interested in doing so in the next 12 months. Although security spending stayed flat for the most part in 2009, Forrester estimates that the managed services market grew by roughly 8%. Today, managed security services (MSS) offerings exist in various forms, from pure system management to more sophisticated log analysis using a number of delivery mechanisms, from software-as-a-service (SaaS) and cloud services to on-premises device monitoring and management.

Steady Growth And Vendor Consolidation Point To A Maturing Market

Not only has the market been growing steadily over the past few years, but the service provider and market dynamics have also changed due to a series of mergers, acquisitions, partnerships, and reprioritization of MSS portfolios. After a tumultuous 2009, we have seen:

The MSSP market size eclipse $4 billion. Forrester estimates the global size of the managed security services market to be $4.5 billion, which includes outsourced and SaaS security services as well as other annualized security operations.

Mergers and acquisitions enhance current capabilities. The recent acquisition of VeriSign MSS by SecureWorks and the previous acquisitions of Counterpane, Cybertrust, and ISS have all been fairly successful at not just growing the MSSP market share for the acquirers but also at providing the financial wherewithal to invest in areas such as threat intelligence and to build new and enhanced services.


Partnerships expand international presence. Another trend is companies expanding beyond the traditional geographic boundaries to serve an increasingly global client base. Recent announcements of Solutionary partnering with e-Cop in Singapore and SecureWorks acquiring DNS point to this trend.

3.2 BUSINESS ANALYSIS:

A few years back, as companies grappled with IT outsourcing, it was safe to assume that the IT security organization was exempt because, as many chief information security officers (CISOs) told us, "We would never outsource security." Guess what? Today, one in four now outsource their email filtering, and another 12% are very interested in doing so in the next 12 months. Another 13% already outsource their vulnerability management (a treasure trove for potential hackers), and an additional 19% say they are very interested in doing so in the next 12 months. Although security spending stayed flat for the most part in 2009, Forrester estimates that the managed services market grew by roughly 8%.

As per the 2008 Yankee report, the global market for managed security services is around $9 bn and is growing at a rate of 26% y-o-y. APAC contributes around 35% of the market share, in which India, China and Japan are the key contributors. Therefore, opportunity is huge. Keeping these calculations in mind, we assume that the market size in India should be approximately $400 mn, says Sunil Bhatt, CTO, Allied Digital.

The Market

India being a growing economy, the domestic market is evolving very fast. It's not just the large corporates but the SMEs as well who are embracing managed security services on a large scale today. With IT being the backbone of most businesses, it is of utmost importance to secure the environment and protect the infrastructure. With recent cases of hacking and fraud coming to light, information security has become a pressing concern for CIOs. Many organizations report financial losses due to security breaches resulting in business loss. There is, therefore, a growing demand in the enterprises to effectively monitor, detect, report and respond not only to the new security threats, but also to the existing vulnerabilities in corporate IT systems and applications. Additionally, compliance and regulatory requirements are making it compulsory for the enterprises to adapt to the latest security technologies and services to safeguard their core business interest.

Present Competitors

IBM
HCL
TCS
Verizon Business
RCOM

3.3 FUTURE OF MANAGED SECURITY SERVICES:


The concept and practice of Managed Security Services is one that manages and mitigates Risk. Sometimes an intruder gets through the barriers of security that an MSSP manages and has in place to protect an organization. Any losses that the organization receives due to the attack are not the responsibility of the MSSP. The organization and the MSSP have an agreement that its services will minimize the Risk, that is, the sum of the Threats and the Vulnerabilities to their organization, as much as technically and humanly possible. No MSSP can fully guarantee protection, although there is one.

One company can be classified as being the Next Generation of Managed Security Services. That company is ISS (Internet Security Systems). They are providing a new standard of accountability, whereas they are actually guaranteeing protection against Internet threats. Currently, they are the only MSSP in the industry offering a guaranteed protection solution. How can they do this you ask? They provide a solution that goes beyond simple event monitoring and device management, by offering a money-back guaranteed performance based Service Level Agreement (SLA). They are also providing the industry's only Managed Security Services protection warranty, providing customers with a $50,000 cash payment in the event of a security incident. This ensures 100% accountable, reliable protection.


With all of the successful attacks that a typical organization experiences on a day-to-day basis, how can an MSSP afford to provide such a service as a money back guarantee? The answer ISS has come up with to address this concern is "Intrusion Prevention".

Intrusion Prevention takes a preemptive approach to security. It is the next level to Intrusion Detection and Firewall perimeter defense. The devices in an Intrusion Prevention system are able to detect and block malicious activity, using sophisticated network analysis techniques and attack signatures. They have the ability to take action against attacks, such as worm outbreaks or malicious insider activity, and help to reduce the impact of fast moving or difficult to detect threats. One product line that has had recent success in this department is the Proventia devices by ISS (Internet Security Systems). This suite of products offers a turnkey solution to layered security. It has the capabilities to offer firewall, intrusion detection, intrusion prevention, antivirus, and content filtering, all in one hardware appliance. In turn, this device can not only detect attacks, but can stop them before any damage can occur to your infrastructure. It also has the capabilities of doing vulnerability assessments on the fly. It detects when a new device has entered the network and performs active and passive scanning that gives you a real-time picture of your security


CHAPTER-4


4. MARKET:
The Gartner Group estimates that more than 70 percent of all vulnerabilities discovered are internal and at the application layer. And our experience shows that nine out of ten customers have at least one serious hole that could lead to customer data disclosure or total system compromise. The CYCOPS penetration testing service looks at a web site from the perspective of a malicious hacker and finds the holes before they can be exploited.

Targeting segments: The company mostly targets three major segments, listed below:

Corporate segment
Small office/home office segment (SOHO)
End users

4.1 TARGETED MARKET:


Traditional security approaches focus primarily on keeping malicious intruders and infections away from the corporation's business infrastructure. This perimeter orientation can never adequately address the key customer requirements for protecting confidential information against unauthorized disclosure or theft of business transactions, operations data, private customer data and other forms of intellectual property. Government regulations, one of the leading market drivers for security in the enterprise, are fueled by the federal government's insistence that organizations provide better protection of confidential information. Information-centric security is a market requirement that a vendor with information management skills can best satisfy. With its emphasis on Information Lifecycle Management, CYCOPS is well positioned to address the enterprise requirements for information security. CYCOPS' information-centric security strategy enhances its Information Lifecycle Management expertise by building a foundation with industry leading authentication, encryption and security information management solutions.


There are significant task and resource (labor) requirements when creating a secure computing environment. The tasks and resource requirements are realistic for any size company that truly values business continuance, wants to reduce the administrative burden of worms and viruses, and needs to minimize the threat of unauthorized access. Without the proper attention to the above tasks, it is not a matter of if a security-related event will affect the business, but when.

The following chart reflects some high-level benefits and assumptions associated with the minimum security program, a typical state-of-the-art program, and an accurate comparison to an outsourced Managed Security Service Provider.

| Security Program Requirements | In-house Minimum Security | In-house State-of-the-Art | Outsourced Security Service |
|---|---|---|---|
| Staffing Requirement | 1 Employee | 6 Employees (24x7x365 coverage) | Outsourced Security Team |
| Staff Experience | Junior - Mid. Level | Mid. Level * | Expert |
| Monitoring & Response | 9AM-5PM | 24x7x365 | 24x7x365 |
| Administration | 9AM-5PM | 24x7x365 | 24x7x365 |
| Backup & Recovery | Business Hours | Immediate | Immediate |
| Vulnerability Testing | Perhaps? / Non-Professional | Quarterly / Professional | Quarterly / Professional |


4.2 RECOMMENDATION FOR MSS MARKETING:


WEBSITE MARKETING STRATEGY

Recent studies indicate that 62% of small businesses are marketing their products and services online through Internet tools, such as websites, search engine optimization, banner advertising, and email marketing. Internet marketing can be a time and cost-saving supplement to your overall marketing strategy.

Imagine being able to tap into the global marketplace from the convenience of your home office. Imagine reaching a much wider audience, quickly measuring the results of your marketing efforts, and having the ability to readily and cost-effectively adapt to changes in the marketplace, all with the click of a mouse. The Internet now makes this possible. And, as more small businesses go online, the Internet's influence on marketing grows significantly each year. In 2005, Internet sales revenues are likely to surpass USD $133 billion worldwide.

INTERNET MARKETING

Internet marketing is the component of marketing that deals with the planning, pricing, promotion, and distribution of your products and services online. Good Internet marketing strategies clearly communicate a firm's unique selling proposition, or the unique collection of benefits that creates value for its customers.

Everything you do to promote your business online is Internet marketing. For example, Internet marketing strategies include (but are not limited to) website design and content, search engine optimization, directory submissions, reciprocal linking strategies, online advertising, and email marketing.


Benefits

The Internet is the widest channel of communication available to small businesses. It can help level the playing field for small businesses on a limited budget that seek to compete in large markets. No other communications medium enables you to operate a business from your home, while giving a small business the appearance of a larger, more established operation.

Marketing your product or service online offers the opportunity for increased communication with your target market through techniques such as interactive websites, email newsletters, online surveys and forms, blogs, and discussion groups. The Internet allows you to collect immediate feedback from your client base with little out-of-pocket expense.

Print marketing materials and advertising strategies can be expensive to produce and traditionally have a short shelf life. Internet marketing techniques such as websites, banner ads and email newsletters can be produced at a reasonable cost, can contain more timely information than print brochures, and can be immediately and cost-effectively updated as your business changes.

Global Approach: Internet marketing allows us to serve an extensive portfolio of clients worldwide.

Web Site marketing strategies

Website Development & Search Engine Optimization (SEO)
Submitting your Site to Search Engines and Directories
Growing Inbound Links
Online Advertising Models
Publishing on Third-Party Websites
Permission Marketing Using Email
Business Blogs
Affiliate/Referral Programs


DEVELOPMENT REQUIREMENTS

Designing and building a website is only one aspect of bringing your business online. With billions of websites on the Internet, it's just as important that you ensure people can find your website. And, since most website traffic still comes from search engines and directories (98% of Internet users claim they use search engines regularly), you may want to focus your initial web marketing efforts on search engine optimization. The Internet is not the pot of gold at the end of the rainbow. It takes time, dedication and skills to be successful online. Without a solid business model, the skill set to effectively market and sell your product or service online, and a carefully planned marketing strategy, you will have little chance of succeeding online.

Search engines such as Google and Yahoo index billions of web pages and rank them according to complex algorithms that assess a page's accessibility, its relevance based on specific search terms or keywords, and importance indicated by the number of sites that link to it. Search engine optimization (SEO) refers to the work that is done to a website to ensure it gets noticed and ranked highly by search engines. Ideally, you want to strive for a top ten ranking, because studies have shown that most search engine users don't scroll past the first page of results.

Keep in mind, SEO is not an exact science, and as such, SEO specialists often use slightly different methods. That said, generally, SEO includes:

Building a website using search engine friendly coding techniques that minimize the use of Flash and frames
Researching appropriate search terms, called keywords or keyword phrases, that fit the target market
Incorporating keyword-rich content into a website's domain name, meta tags, title tags, alt tags, headings and overall content, and ensuring that content is updated regularly
Submitting the website address to search engines
Developing a reciprocal linking strategy with other websites to grow quality inbound links to the site

CHAPTER-5


5. FINDINGS, SUGGESTIONS & CONCLUSION

5.1 FINDINGS:

In future the growth of the information security industry will be higher.

In Hyderabad, Cycops is the leading information company.

The cost of a managed security service is usually lower than hiring in-house full-time experts. MSSPs are able to spread their investment in infrastructure and people across several clients.

A shortage of qualified security personnel puts big pressure on companies to recruit, train and retain their security staff.

MSSPs have better insight into evolving security threats, directly and indirectly, because of their focus and wider install base.

MSSPs can provide objectivity, independence, liability protection, dedicated facilities, and round-the-clock service.

While current MSSPs focus on their relationships with government entities and large companies, the benefits of managed security services are also appealing for small and medium size companies due to the relative amount of resources that they have to commit to security operations.

The MSSP service offering is attractive to a wide range of organizations, and the study of MSSP markets has real practical value.

The compound annual growth rate in the market of Managed Security Services Providers (MSSP) is estimated to be at least 17-20%. The entire market is expected to grow from $1.7 billion in 2007 to $3.2-3.7 billion in 2011. In addition, there is significant consolidation in the MSSP market, with the number of providers getting smaller while increasing their range of services.

The cost/benefit tradeoffs for MSSP arrangements are still not well understood. The risks of working with an MSSP include issues of trust, dependence on an outside entity for support of critical functions, and ownership of systems (Allen et al., 2003).

5.2 SUGGESTIONS:

Cycops should increase their branches throughout INDIA

Attitude building Training and Development programs

It is suggested that the organization can recommend its customers, like individuals, employees and software officials, to know the need of information security. Trained and experienced hands should be employed in infrastructure to the customers. It is suggested that the organization can recommend all organizations (small, middle, large) to create new infrastructure by using information security policies in order to keep the companies' data safe. The customer should forecast the need of security while fixing the safety equipment. The reason you're buying a firewall is because your network's hardware and software isn't secure, and that functionality should be embedded in your network. So, the future of security doesn't have it disappear, but it becomes embedded into the products you buy, into your operating system, into your networking, and as you buy larger things, security stops being a separate thing you buy and instead becomes a component of everything you buy. The customer should get the security services from an information security company which has more goodwill and more potentiality. company to high security


5.3 CONCLUSION:

In the ever changing world of Information Technology, the faster the changes take place, the greater the threats will become. Hence, Information Security has never been more important than it is today, and it will only become more important in the future. A company needs to consider the security needs of its network as a first priority. With that being said, the best option today for securing your infrastructure is through outsourcing. While outsourcing functions of a business (in general) is advantageous in many ways, outsourcing security functions has now become vital.

The benefits of Managed Security are a huge plus to any company today. But with the new services that MSSPs are offering and will start to offer well into the future, the managed security solution has gone way past being a luxury, and has now become a necessity.

In this report we examine the economic rationale for MSSP networks, i.e., to provide an economic rationale for why firms may choose to outsource security. Our results demonstrate that there are multiple interplaying factors that define attractiveness of MSSP networks to potential customers. The desire of firms to join a MSSP network to pool risk may be outweighed by the substantial start-up costs required under a consortium based approach. We also examine the growth and structural characteristics of optimal networks under a consortium based market structure and under a for-profit MSS provider, representing a monopolist setting. We identify the existence of a critical mass problem in the formation of viable MSSP networks and suggest approaches that help overcome the critical mass problem. We show that our approach to overcome the critical mass problem is optimal since it supports the minimum feasible initial network size for a feasible consortium based MSSP network. We define optimal growth strategies and economic rationale for viable MSSP networks under a consortium based approach and a profit maximizing approach. Since joining a profit maximizing provider has less risk during the start-up as compared to a consortium, where an initial investment may be required, our results provide economic rationale for the observed phenomena of existence of more for-profit seeking MSSP networks as compared to MSSP consortia. We also show that a for-profit provider may achieve larger network size than a consortium.

APPENDICES:

MANAGED FIREWALL

A robust firewall is imperative for any business network as a first line of defense against intrusions and other threats. The CYCOPS Managed Firewall filters network traffic, allowing good traffic to pass while blocking potentially harmful traffic. This cost-effective, managed solution protects against unauthorized users, dangerous protocols and common network layer attacks without any impact on network performance.

CYCOPS Managed Firewall is available in Basic Firewall for small businesses and branch offices and Advanced Firewall configurations for medium to large businesses. If a company already has a firewall onsite, CYCOPS managed services can work in conjunction with the existing firewall and equipment, giving additional protection a firewall alone doesn't provide.

INTRUSION PREVENTION

With the increased complexity and sophistication of today's security threats, a firewall is not enough to keep today's networks safe. The CYCOPS Intrusion Prevention service constantly monitors network traffic for any potential threats to network data. Leveraging a continually updated IPS signature database, CYCOPS provides real-time, reliable protection from network and application attacks such as worms, viruses, Trojans, DoS, DDoS, SQL injections, and other blended threats without any degradation of network performance. The Intrusion Prevention service blocks known attacks that don't violate protocol standards or behavioral rules but carry malicious content. It offers proactive protection against zero day attacks and eliminates the window of vulnerability for new and emerging threats when signatures are not available.

Spam Tracker

Detecting and managing spam is a constant problem for businesses. It's a burden to employees, resulting in lost productivity and frustration. It also clogs email servers, slows network performance, and increases management costs associated with storing and maintaining unwanted email.

The CYCOPS Spam Tracker service automatically detects and manages spam in real-time on end-user desktops and laptops. Once the spam is identified and tagged, it can be directed to a separate email folder, saving your employees time and your business money.

Anti-Virus/Anti-Spyware

CYCOPS Anti-Virus/Spyware service provides real-time protection against worms and spyware from both inbound and outbound security threats. CYCOPS leverages a continuously updated list of anti-virus signatures to provide multi-layer defense from known viruses as well as new, unique outbreaks. We provide predictive defenses and complementary responsive techniques to stop these threats as soon as they emerge on the Internet.

CYCOPS Anti-Virus/Spyware service stops unwanted malware before it reaches a network. It minimizes network disruptions from virus and worm outbreaks and responds more effectively to fast-spreading attacks than traditional point and host security solutions. Even if an organization already has an Anti-Virus client deployed, an extra layer of security provides better protection from malicious traffic.

WEB FILTERING

An easy way to enforce Internet usage policies, CYCOPS Web Filtering service is continually updated to ensure policies include the latest threat protections. The service includes:

Content Filtering: Blocks access to Internet sites by category content
White List / Black List Filtering: Allows or denies access to selected web sites.

Separately or in tandem, these services help organizations achieve a balance between managing employee Internet access and enforcing Internet use policies. The result is improved employee productivity, decreased risk of legal liability from employee Internet activity, and optimal use of IT resources.

PERSONAL PROTECTION SUITE

CYCOPS's Personal Protection Suite provides managed protection for a company's entire distributed workforce by defending and protecting all computers and corporate resources from malicious attacks with the following layers of fully managed security on all the devices that connect to a company's network:

Data Loss Prevention (DLP)

Content control solution to monitor and prevent data loss across your network.
Safeguard intellectual property, customer information and proprietary data in motion, at rest and in use.
Gain immediate visibility and control over the unauthorized release of confidential information
Comprehensive security platform for the entire enterprise
CYCOPS's DLP Management Center provides executive dashboards, powerful event search and archiving.

The CYCOPS Personal Protection Suite provides industry-leading security features and the benefits of a fully managed service. There's no equipment to buy, so no capital expenses, and only a nominal recurring fee. CYCOPS provides installation, configuration and deployment support, as well as ongoing management and maintenance, including automatic updates. This highly secure, fully managed and integrated solution saves time, money and IT resources while reducing the number of threats to your network.


BIBLIOGRAPHY:

Books:

L.M. Applegate, R.D. Austin and F.W. McFarlan. Corporate information strategy and management (7th Edition). McGraw Hill, 2007.
P. Bocij, A. Greasley and S. Hickie. Business information system (4th Edition). Prentice Hall, 2008.
D. Boddy, A. Boonstra and G. Kennedy. Managing information system strategy & organisation (3rd Edition). Prentice Hall, 2008.

Sources from internet and reports:


(Computerwire, 2002)
(Kavanagh 2002)
(Yasin 2001, Van Mien and Praveen 2003, Sturgeon 2004a)
(Phifer 2004)
(Sturgeon 2004b)
Forrester 2009 report
2008 Yankee report

Websites:

www.cycops.co.in
www.google.com
www.wikipedia.com

News Papers:

Indian Express
Hindu
Economic Times
