IDS mailing list archives
Re: MSSP / IDS Selection
From: "Mike Coliton" <MCOLITON () twmi rr com>
Date: Thu, 24 Mar 2005 02:23:50 -0500
KJP after being involved in MSSP from back in 99, I did then and still have today these thoughts. Each organization should ask themselves these questions before choosing a MSSP company: 1. What is my enterprise and network topography? 2. What Security products available today best suit my environment (application level, OS level, and Network performance level)? 3. What providers can manage those specific products well? 4. Can these providers manage my legacy products effectively as well? 5. Which providers will allow me to control the SLA? 6. Which providers can effectively do this within my budget? 7. What is my business reason for outsourcing mgmt? Ask yourself these questions, then do the homework on the technology (Neohapsis and NSS have neat whitepapers). Get references from each MSSP, though mainly references with similar environments as yours. Best of luck Mike ----- Original Message ----- From: "David W. Goodrum" <dgoodrum () nfr com> To: "KJP" <kjp011975 () gmail com> Cc: <focus-ids () securityfocus com> Sent: Saturday, March 19, 2005 4:38 PM Subject: Re: MSSP / IDS Selection
If you're still trying to determine whether or not to go with an MSS vs building it inhouse, I think you need to look at a number of factors. We find ourselves often recommending our smaller installations to go with an MSS so that they can get the full benefits of an expert staff and the 24 x 7 operations. Larger enterprises typically already have an "expert" staff and can leverage off that to implement their own systems. But, as you've stated, the costs of going with an MSS sometimes seem a bit overwhelming. But, potentially, the reason for the sticker shock is because of the vendors you've selected to evaluate as an MSP. You picked the big names that everybody knows. At NFR we have a number of providers that we recommend depending on the need of the customer. Some customers don't care about 24 x7, and don't want to pay an MSS for that type of service. For those customers we often recommend local shops that are often cheaper than some of the big names that you have chosen below. Perhaps you are looking for the managed IDS without all the bells and whistles to save on cost. Those providers do exist, but you usually won't find them unless you go through the IDS vendor for the recommendation. I notice that NFR was not on your list, but you could easily contact the other IDS vendors you mentioned below and they could probably point you in the direction of some of the less expensive MSPs. You could take one vendor recommendation and then compare those "smaller" MSP's to see how they compare. On the other hand... if you have the staff, or just want the experience, you could always try doing it in house first. Most MSPs will happily take over an existing install if you later decide to outsource the management of your system. -dave KJP wrote:I have spent much time researching various MSSP's NetSec, Verisign, Counterpane, and LURHQ for my company. After much research we decided to go with Verisign for numerous reasons. After selecting Verisign we began narrowing down pricing. On a monthly level the pricing looks ok, until you look at it at a yearly level the pricing starts to get scary. We looked into doing the same service internally using Snort. I remembered the comercial implentation of Sourcefire and began researching it. It appears to offer services that Snort does not, RNA and Defense Center offer the pieces missing from Snort, plus it packages the support so I don't need to worry about hardware support, OS support, etc. What are the opinions of Snort and Sourcefire versus ISS, Cisco, Enterasys, Symantec? Thanks in advance.--------------------------------------------------------------------------Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.---------------------------------------------------------------------------- David W. Goodrum Senior Systems Engineer NFR Security 703.731.3765 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- MSSP / IDS Selection KJP (Mar 16)
- Re: MSSP / IDS Selection David W. Goodrum (Mar 23)
- Re: MSSP / IDS Selection Mike Coliton (Mar 24)
- <Possible follow-ups>
- RE: MSSP / IDS Selection Phil Hollows (Mar 19)
- Re: MSSP / IDS Selection Mark Teicher (Mar 19)
- Re: MSSP / IDS Selection David W. Goodrum (Mar 23)