IDS mailing list archives
Metrics when comparing MSSPs
From: Bob Huber <roberthuberjr () yahoo com>
Date: Tue, 29 Mar 2005 10:33:11 -0800 (PST)
Attached are some scoring metrics I have used before when reviewing MSSPs. Keep in mind that these metrics are only part of the equation and are high level. You should also have a section around legal, procurement, pricing, specific SLAs, account mgt and financials of the company. Sorry for the format... Bob __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Scoring: 0 Unacceptable 25 Below Requirements 40 Slightly Below Requirements 50 Meets Requirements 60 Slightly Exceeds Requirements 75 Exceeds Requirements 100 Optimal Response Bullet Section Weighting Sub Weighting Participant Scores 1 2 3 Analysts and Training 15% 1 Staff Composition 20% 2 Support Team 10% 4 Analysts Location 10% 5 Analysts experience 30% 6 Background checks on Analysts 10% 7 Certifications 20% Sub Total 100% Monitoring Procedures 20% 1 Analysts Monitoring Procedures 25% 2 Key Operational Process 25% 3 IDS Sensor Operational? 25% 4 False Positive and False Negative minimization 25% Sub Total 100% Reporting 15% 1 Customer Access to Data Repository 20% 2 Trending Capabilities 25% 3 Data Downloadable 15% 4 Ability to Monitor and report during an Attack 15% 5 Availability Reporting 15% 6 Executive Summary Reporting 10% Sub Total 100% Correlation and Response Capabilities 20% 1 Is firewall data available for view in the customer portal? 15% 2 "Handling of multiple data sources (IDS, FW, VA, etc)" 15% 3 Correlation of Vulnerability Assessment data against attacks. 10% 5 Correlate Info. From Multiple Sources 20% 6 Use of cross-client data for trending/identification of new attacks. 20% 7 "Ability to alert entire customer base via multiple, automated methods (email, phone, etc.) of impending new activity" 20% Sub Total 100% Service 20% 1 Adequacy of analyst dashboard and tools for event analysis 10% 2 Adequacy of client web portal 10% 3 Standard SLA 10% 4 Vendor Updates 10% 5 Update Testing 5% 6 SLA for device config. Or Device Info. 10% 7 Early warning Data 10% 8 Custom Escalation Procedures 10% 9 Managed/Monitor or Monitoring Only Offerings 10% 10 Migration to Standard Services 10% 11 Legal Dispute 5% Sub Total 100% Architecture 10% 1 Description/Diagram of Transport Infrastructure 30% 2 Redundant Locations 35% 3 Support Your IDS/IPS/Firewall 35% Sub Total 100% Development/Road Map 10% 1 Product/Service Overview 25% 2 Product Roadmap 25% 3 Product Direction/Senior Tech Vision 25% 4 Development roadmap aliance with Vendors 25% Sub Total 100% Competition 5% 1 Uniqueness of Service 25% 2 # of RPS responded to in 12 Months 25% 3 % of times short listed 25% 4 % of RFP business Won 25% Sub Total 100% Grand Total 100%
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Metrics when comparing MSSPs Bob Huber (Mar 31)