Re: Managed Firewall Service - Opinions

[Jeffery.Gieser () minnesotamutual com]

#What are a few pros and cons that come to mind versus managing
#the firewalls yourself?

I looking into managed firewall services and really did not care for what I
saw.

1.  It was pretty expensive. We were quoted prices between $500 and $1,000
a month per firewall per remote office.  These offices had 5-50 people
depending on the office.  This is cheap if you can completely get rid of
your security department/person but your security department/person should
be doing more than managing firewalls and with only 700 people in your
company the firewall should take a few hours a month worth of admin time.

2.  Their turnaround time was 48 hours on a request.  In my mind this is
unacceptable.  If your current users are used to a quick turnaround when
they call you then they will not like this at all.

3.  They usually only allowed a maximum number of rules.  We saw this vary
from about 15 to 20 rules with the vendors we looked at.

And the most important reason

4.  They usually force you to sign an agreement stating they are not
resposible for any security incident at your site even if it results from a
configuration mistake that they made on your firewall.

#Do these companies manage the firewalls as we currently have them, or
#do they install/configure their own? - currently we use Gauntlet
firewalls.

The companies I looked at used their own firewalls but there are companies
that will manage yours.  I am sure you are well aware that Guantlet is
going away so maybe this isn't a big deal.  I do not know of any large
managed firewall companies that manage Sidewinders in case you follow the
recommended Secure Computing upgrade path.

Regards,
Jeffery Gieser


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards