IDS mailing list archives
RE: How to choose an IDS/FW MSS provider
From: "Palmer, Paul (ISSAtlanta)" <PPalmer () iss net>
Date: Tue, 15 Mar 2005 12:43:33 -0500
For example ISS is strong as a product vendor but is just moving to
the market for delivering services. ISS has more experience in the MSS market than you give us credit for: "Internet Security Systems (ISS) has been setting the standard for accountability, reliability and protection in Managed Security Services since 1995." -- http://www.iss.net/products_services/managed_services/ -----Original Message----- From: fuijdancer () yahoo com [mailto:fuijdancer () yahoo com] Sent: Saturday, March 12, 2005 4:10 AM To: focus-ids () securityfocus com Subject: Re: How to choose an IDS/FW MSS provider In-Reply-To: <422C2FDB.5030404 () ecologie net> Appears that the discussion is more about selecting a right IDS/IPS solution rather then selecting a Managed Security Service provider, which was the question. When selecting a MSS provider (IDS/FW alike) of course you must be convinced that the use the right tools/products. Some providers use commercial ones like Netscreens, CP, ISS,...... others use there own spin-offs or open source. More importantly is almost how they provide there services, the SLA and operational procedure agreements, there incident handling capability and of course the security experience they bring to your company. For example ISS is strong as a product vendor but is just moving to the market for delivering services. When selecting a MSS also normal classic outsourcing aspects must be considered. Since you are outsourcing part of your security monitoring and incident handling process special care should be taken here. For example there are large companies or product vendors who "also do security services", but there are also dedicated MSS companies. Often small specialized companies but with a large insight in the issues that really matter. Remember, it's no t just the product that you buy, it's about the service and quality of the monitoring and incident handling that protects your company assets. Everyone will sooner or later get (there own) products working, that's not the issue here. Smaller companies can also better control who is monitoring your networks and systems. Big MSS providers just have a pool of people monitoring, maybe even from different SOCs. However some customers require that they must be convinced that only a limited number of persons are involved providing the service. My company for example only works with top-level screened security staff. Therefore we are able to guarantee who is doing what, when and how. And what about incident handling and response? If something might happen is your MSS there for Protect & proceed or Pursue & prosecute? Product vendors or normal IT companies entering the MSS market often lack this experience. Global market presence is often only limited needed since MSS is only providing a small part of the total infrastructure. Therefore small MSS companies may just pickbag on already in place service structures. The MSS services themselves are completely independent of location. Author works at a highly specialized dedicated Forensic and MSS company providing services to global customers and law enforcement. ------------------------------------------------------------------------ -- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: How to choose an IDS/FW MSS provider, (continued)
- Re: How to choose an IDS/FW MSS provider fuijdancer (Mar 14)
- Re: How to choose an IDS/FW MSS provider Stephane (Mar 16)
- Re: How to choose an IDS/FW MSS provider Peter Schawacker (Mar 14)
- Re: How to choose an IDS/FW MSS provider Kevin (Mar 14)
- Re: How to choose an IDS/FW MSS provider Will Metcalf (Mar 16)
- RE: How to choose an IDS/FW MSS provider Dahl-Hansen, Kjetil (Mar 16)
- RE: How to choose an IDS/FW MSS provider Joshua Berry (Mar 16)
- Re: How to choose an IDS/FW MSS provider Peter Schawacker (Mar 16)
- Re: How to choose an IDS/FW MSS provider Mark Teicher (Mar 16)
- Re: How to choose an IDS/FW MSS provider David W. Goodrum (Mar 19)
- RE: How to choose an IDS/FW MSS provider Palmer, Paul (ISSAtlanta) (Mar 16)
- RE: How to choose an IDS/FW MSS provider THolman (Mar 16)
- Re: How to choose an IDS/FW MSS provider Sasser (Mar 19)
- Re: How to choose an IDS/FW MSS provider Mark Teicher (Mar 16)
- RE: How to choose an IDS/FW MSS provider THolman (Mar 16)
- RE: How to choose an IDS/FW MSS provider Andrew Plato (Mar 16)
- Re: How to choose an IDS/FW MSS provider Andre Ludwig (Mar 19)
- Re: How to choose an IDS/FW MSS provider Prashant Khandelwal (Mar 24)
- Re: How to choose an IDS/FW MSS provider Andre Ludwig (Mar 19)
- Re: How to choose an IDS/FW MSS provider Adam Powers (Mar 19)
- RE: How to choose an IDS/FW MSS provider Chris Harrington (Mar 19)
- RE: How to choose an IDS/FW MSS provider KoƧ.net (Mar 19)
(Thread continues...)
- Re: How to choose an IDS/FW MSS provider fuijdancer (Mar 14)