More enterprise business customers are turning to managed security service providers to help them cope with the complexities of network security, especially when it comes to intrusion prevention .

MSSP offerings are expected to generate about $1 billion in spending this year, says Allan Carey, a program manager for business and continuity services at IDC. The $1 billion is part of an overall security services spending projection, which includes consulting, training, implementation and MSSP costs, of about $7.4 billion for 2005.

Security audits and regulatory compliance are just two of the reasons organizations are more interested in MSSP offerings, says Kelly Kavanagh, an analyst at Gartner. MSSP services can help with audit compliance through documented monitoring, reporting and remediation, he says.

Users have become more willing to outsource their security needs to a third party. "Over the past couple of years enterprise customers have become more comfortable with the level of maturity in the MSSP market," Carey says.

Many organizations also don't have the capital to deploy the hardware and software necessary to support their own intrusion detection, intrusion prevention, anti-distributed denial of service or other security services, he says.

Compliance was one of the key reasons why Boiling Springs Savings Bank switched to MSSP Perimeter Internetworking, which specializes in offering managed security services to small banks.

Boiling Springs is a $1.1 billion thrift with 14 locations in northeastern New Jersey that uses Perimeter's intrusion-detection services, says Kenneth Emerson, director of strategic planning and CIO. Emerson says he sold the board of directors on Perimeter's services by explaining that they are essentially an "insurance policy against lost customer confidence."

About three years ago Boiling Springs turned to Perimeter to shore up the bank's security support. Emerson says he had an ISP that knew security, but didn't have a Level II Statement on Auditing Standard (SAS) review. This is a specialized audit that verifies a company's operational and internal controls over processing user transactions.

"It's up to me to engage a firm that has a SAS 70. If they don't, then it's up to me to have one done. They're expensive - about $30,000 to $50,000," Emerson says. "My ISP said they were looking into having one, but I needed something more proactive."