IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MSSP / IDS Selection

From: "David W. Goodrum" <dgoodrum () nfr com>
Date: Sat, 19 Mar 2005 16:38:56 -0500
If you're still trying to determine whether or not to go with an MSS vs building it inhouse, I think you need to look at a number of factors. We find ourselves often recommending our smaller installations to go with an MSS so that they can get the full benefits of an expert staff and the 24 x 7 operations. Larger enterprises typically already have an "expert" staff and can leverage off that to implement their own systems. But, as you've stated, the costs of going with an MSS sometimes seem a bit overwhelming. But, potentially, the reason for the sticker shock is because of the vendors you've selected to evaluate as an MSP. You picked the big names that everybody knows. At NFR we have a number of providers that we recommend depending on the need of the customer. Some customers don't care about 24 x7, and don't want to pay an MSS for that type of service. For those customers we often recommend local shops that are often cheaper than some of the big names that you have chosen below. Perhaps you are looking for the managed IDS without all the bells and whistles to save on cost. Those providers do exist, but you usually won't find them unless you go through the IDS vendor for the recommendation. I notice that NFR was not on your list, but you could easily contact the other IDS vendors you mentioned below and they could probably point you in the direction of some of the less expensive MSPs. You could take one vendor recommendation and then compare those "smaller" MSP's to see how they compare. On the other hand... if you have the staff, or just want the experience, you could always try doing it in house first. Most MSPs will happily take over an existing install if you later decide to outsource the management of your system. 
-dave

KJP wrote:


I have spent much time researching various MSSP's NetSec, Verisign,
Counterpane, and LURHQ for my company.  After much research we decided
to go with Verisign for numerous reasons.  After selecting Verisign we
began narrowing down pricing.  On a monthly level the pricing looks
ok, until you look at it at a yearly level the pricing starts to get
scary.

We looked into doing the same service internally using Snort.  I
remembered the comercial implentation of Sourcefire and began
researching it.  It appears to offer services that Snort does not, RNA
and Defense Center offer the pieces missing from Snort, plus it
packages the support so I don't need to worry about hardware support,
OS support, etc.

What are the opinions of Snort and Sourcefire versus ISS, Cisco,
Enterasys, Symantec?

Thanks in advance.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
--------------------------------------------------------------------------



--
David W. Goodrum
Senior Systems Engineer
NFR Security
703.731.3765


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: