Mediated overlay services (MOSES): Network security as a composable service

In recent years, organizations have been shifting focus to their core business competencies, and reducing total cost of ownership (TCO) associated with training and management of their IT infrastructure. In the same motif, organizations are establishing security and survivability frameworks as an integral part of their business strategy so as to provide an acceptable quality-of-service for their clients and employees. However, the current paradigm of outsourced managed security service providers (MSSPs) is often difficult to transition to, offers little control to the organization, does not allow ldquobest of breedrdquo composition, and risks vendor lock-in due to the complexity of migrating to a different MSSP. We present MOSES (Mediated Overlay Services), an architecture for composing network security services such as anti-spam, antivirus, automated vulnerability detection and mitigation, and filtering. MOSES is roughly modeled on the web services framework. In addition to ease-of-deployment, MOSES allows for economies of scale and a reduction to the total cost of ownership. In this paper, we discuss our motivation and high-level view of such an architecture. We highlight the advantages, illuminate potential drawbacks, and discuss a broad research agenda toward realizing this vision.