In many companies, security is little more than a checkbox on a compliance document. “Employees, check! IT Services, check! Security, check!” And so on....

If you’ve already outsourced the whole of your security monitoring to a managed security services vendor so that you can check your compliance boxes, stop reading and sell this copy on eBay. You probably haven’t even cracked the binding, so you can list it “like new.” In our experience and with talking to customers, it is extremely rare to find an outsourced security services vendor who really understands the network and security context of its clients, and as such restricts its effectiveness to the simplest of security problems. Imagine the following proposal: you want to know when someone copies customer data from your database systems to his desktop. How would an outsourced security provider do this? Rather, how much would such a provider charge to do this? The service supplied by most providers is limited to regular reports of selected NIDS alerts—the same NIDS alerts selected for every client—and affected IP addresses—not all that useful, in our opinion.