RE: Managed Firewall Service - Opinions

["Melson, Paul" <PMelson () sequoianet com>]

> There are two purposes, the first, and main is *operational*
outsourcing.  
> 24x7 coverage, alerting, event interpretation and reporting, platform 
> maintenance, etc.  The second is being able to ask "what's the best
way to 
> do $foo?"  

Alerting and event interpretation sound like risk analysis tasks to me.
If your service provider isn't doing some form of risk analysis based on
their knowledge of your environment and the Internet in general before
contacting you, then you could probably replace them with a software
product, yes?


> Anyone who expects magical insight is fooling themselves at the price 
> points MSSPs charge.  A full security service looks at a heck of a lot

> more than just the firewall ruleset (and costs a heck of a lot more
than 
> managed monitoring of one or two devices.)

I couldn't agree more.  If you read back to the beginning of the thread,
I gave this exact piece of advice to Frank when he first broached the
subject.  It's important to work with a vendor that brings more to the
table than just "a few guys that can write access-lists."  I guess
because I work for the latter, I failed to distinguish between a service
provider that only makes requested changes to the firewall and one that
manages the firewall in conjunction with a bevy of other security
services.

PaulM


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards