Firewall Wizards mailing list archives
RE: Managed Firewall Service - Opinions
From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 21 Apr 2003 11:19:20 -0400 (EDT)
On Mon, 21 Apr 2003, Melson, Paul wrote:
There are two purposes, the first, and main is *operational*outsourcing.24x7 coverage, alerting, event interpretation and reporting, platform maintenance, etc. The second is being able to ask "what's the bestway todo $foo?"Alerting and event interpretation sound like risk analysis tasks to me.
Not really, they're more operational tasks than analytical tasks. Way more math goes into a real risk analysis than "Hmmm, that looks bad, I should call someone!"
If your service provider isn't doing some form of risk analysis based on their knowledge of your environment and the Internet in general before contacting you, then you could probably replace them with a software product, yes?
Not really, again, as I see it, it is more of an operational outsourcing than a knowledge outsourcing (or more properly, the knowledge piece is really more operational than policy-based.)
Anyone who expects magical insight is fooling themselves at the price points MSSPs charge. A full security service looks at a heck of a lot more than just the firewall ruleset (and costs a heck of a lot morethanmanaged monitoring of one or two devices.)I couldn't agree more. If you read back to the beginning of the thread, I gave this exact piece of advice to Frank when he first broached the subject. It's important to work with a vendor that brings more to the table than just "a few guys that can write access-lists." I guess because I work for the latter, I failed to distinguish between a service provider that only makes requested changes to the firewall and one that manages the firewall in conjunction with a bevy of other security services.
Oursourcing operational management is different than outsourcing or "teaming" or whatever other buzzword you want to use for a larger security service. For people who just want to outsource their firewall/IDS stuff, the expectation that some magic security bunny is going to hop over their ruleset changes with a risk picture isn't a good expectation to set. Telnet to a *nix box running Solaris 4.3 is something completely different from telent to a well-managed mainframe for access to public real estate data. "A bevy of other security services" cost a bevy of more dollars, and requires a significantly larger trust extension. Plugs like that aren't relevant to the thread, and I'll actively resist responding to them directly on list[1]. Heck, I don't think most internal company firewall administrators are given enough insight into the business to understand the risk implications of the changes they're asked to make, Real risk analysis is a structured and somewhat invasive process that requires a lot more insight into a company's network, culture, policies, operational levels, business, growth strategy, etc. than folks contracting firewall management and monitoring tend to get. Paul [1.] My employer competes in this space, and I moderate the list, I'll be more than happy to respond off-list, but marketing-ish slants aren't appropriate here. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX Config Problem, (continued)
- PIX Config Problem Paul Stewart (Apr 22)
- Re: Managed Firewall Service - Opinions Mike Hoskins (Apr 18)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 19)
- Re: Managed Firewall Service - Opinions Mike Hoskins (Apr 19)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 19)
- RE: Managed Firewall Service - Opinions Behm, Jeffrey L. (Apr 19)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)
- RE: Managed Firewall Service - Opinions Mark Tinberg (Apr 25)
- RE: Managed Firewall Service - Opinions Paul D. Robertson (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Paul D. Robertson (Apr 21)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)