Firewall Wizards mailing list archives

RE: Managed Security Metrics


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 7 Mar 2001 11:23:48 -0500 (EST)

On Tue, 6 Mar 2001, Mike Smith wrote:

I'm looking for a service provider that covers more than firewall
management; it should offer internal IDS, anti-virus, content filtering
(incoming and outgoing), etc.  Down the road, I may look for services like
password management, PKI management, maybe even integrated physical
security.

With the BIGTIME <tm> provider I was with, all the above except the simple
FW mgt. was added cost.  And things like 'internal' IDS would require a
special agreement, as we placed them devices on the exposed side of things
and they functioned in such a noisy manner the data they spewed was
pretty much worthless for any decent metrics.  Of course, I do think the
biggest problem was the lack of skilled folks to determine what actually
it was they saw in logs and the like.  The caution here being;  not all
the folks watching your devices are going to be equally skilled and adept.
I'd say out of 30+ we had maybe 3-4 with real clues, the others learned
on the fly, not to say they were not fast learners...


My research tells me the SLA is the main way to tell what I'm getting for my
money and to compare providers.  I expect the provider to have a service
that implements my security policy (after we jointly review, and update if
necessary, that policy to make sure it's appropriate and supportable with
the provider's offering; I expect the provider to give advice in that area
as part of the service).


Of course we implemented *your* sec policy, in fact cause so few had a
clue, if you wanted to do something stupid <tm> most would certainly let
you turn your firewall into a router, or worser.  Advice was a totally
different matter, as in lacking...


The SLA is also my contract.  It defines "good" service, and ideally defines
rebates (to me) or penalties (to the provider) if the service isn't "good."
But "good" has to be objective and the provider has to be able to
demonstrate that it was "good" during a given reporting period.


Again, we found the metric of most concern was uptime, outages of any sort,
whether justified or not, were the only real issues we ever saw.  Of
course this tended to reflect the clue level of the clients.

Again, I offer these words as advice, because we were not a small time
provider <tm> nor new to the game, we managed your pipes, your network on
the whole, or your perimeter, whatever you had the bucks to outsource, we
probably did.  Did that make us the best <tm>?  Not from where I sat it
didn't.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
