Security – services preferred vs buying products

Reported by: |Updated: November 23, 2018

Opting for Managed Security Services (MSS) including VA/PT and AppSec, anti-phishing and brand monitoring is the preferred option as compared to purchasing products and licenses, feels Nabankur Sen, security advisor at Bandhan Bank. He delves deeper and tells Banking Frontiers that the biggest gaps between promise and delivery by prominent eSecurity vendors are closure of vulnerabilities identified, transparency in alert generations and reporting and addressing false positives / false negatives. He shares his biggest frustration with vendors of non-security products that applications are not tested and made security bug-free before delivery. He would foresee a model where fewer number of multi-solution eSecurity vendors to which BFSI sector would move in the near future.

Prateek Mishra, CISO at IDBI Federal Life Insurance Co, who has also given his views for the feature, says automatic ticket creation and closure tool and Network Access Control (NAC) are the items preferred as services rather than products. He is of the view that security vendors are not able to cope when the volume increases, and they are re-branding the same products by putting AI/ML tags. He also sees reluctance on the part of vendors of non-security products for strict adherence to security policies.

Mishra sees the model of an increasing number of specialist eSecurity vendors as emerging for the BFSI sector in the near future.

Vivek Gupta, CISO at Allahabad Bank, says MSS through qualified, experienced and sufficient support team on a 24×7 basis with network, email, user and database security, along with secure configuration is more meaningful than procuring and installing security products alone. “Frequent VAPT and IS audit, supported with balanced and quick compliance of the same is another important pillar of strong security basis of an organization. Moreover, security services such as availing anti-phishing, anti-malware, website monitoring, etc, can be outsourced to professional vendors having world-wide tie-up arrangement for taking down fake sites, which are otherwise not cost effective when handled in-house,” says he