SAN MATEO (03/27/2000) - One year ago this week, the infamous Melissa macrovirus wreaked unprecedented havoc on corporate and consumer e-mail systems worldwide, setting the stage for a long list of troublesome viruses and worms that followed, and prompting a shift by major anti-virus vendors toward managed services.
"I think it's unrealistic to think end-users today are going to be able to keep up with all the threats and vulnerabilities that can occur at their perimeter.
Managed services is the only way they can deal with it," said Matthew Kovar, an analyst at the Yankee Group, in Boston. "We are seeing a plethora of vendors coming along the lines of offering security services. It makes sense."
Among the anti-virus vendors getting into the outsourcing game include the McAfee division of Network Associates Inc. (NAI), Symantec, and Internet Security Systems.
Last year, virus attacks on information systems around the world led to $12.1 billion in spending, according to Computer Economics, a research firm based in Carlsbad, Calif. Computer Economics examined virus eradication and loss of productivity costs from IT executives to reach its findings.
From a security standpoint, the e-mail-deployed Melissa caught so many businesses off-guard because the victimized companies were using purchased security products "without a manual," exposing a lack of response mechanisms, said Jeff Johnson, CEO of Meta Secur E-com solutions, in Atlanta.
This week, McAfee is announcing that Elron Software will add McAfee's anti-virus-protection software into its CommandView family of Internet Policy Management products to enable service providers to offer increased malicious code protection to customers.
Meanwhile, earlier this month, Symantec acquired the vulnerability assessment and security consulting business of L-3 Network Security for $20 million. The acquisition is expected to bolster Symantec's pre-and post-sales support in a clear step toward a managed services capacity.
And in January, Internet Security Systems teamed up with BellSouth to co-develop a set of Managed Security Services (MSS) for BellSouth customers.
BellSouth MSS will feature a managed firewall, intrusion detection and response, and anti-virus-filtering.
Although outsourcing isn't an option he would consider because company resources allow him to handle security in-house, Marc Perl, business manager at Debit Point of Sale Products at Visa, in Foster City, Calif., said such services might be perfectly suited for many companies.
"We're coming back to a point that outsourcing becomes a viable economic option," Perl said. "It boils down to how much [companies] depend on a telecom infrastructure and whether or not they can gain a competitive edge by outsourcing the security of the entire network."
But Meta Secur E-com's Johnson isn't sold on anti-virus vendors providing the managed services.
"I think it's a little dangerous for a client to subscribe to a vendor for that kind of service, because then you're tied to that software," Johnson said.
"I wouldn't recommend using a product company to be your managed service provider," he added.
Trail of malicious code
IT has grappled with an explosion of security attacks in the past year.
* March 26, 1999: Melissa virus
* May 26, 1999: Pretty Park worm
* June 6, 1999: Worm.ExploreZip worm
* July 12, 1999: Back Orifice 2000 (BO2K) virus* Nov. 8, 1999: The Bubbleboy virus* Nov. 9, 1999: Funlove virus* Dec. 7, 1999: W95.Babylonia polymorphic virus