Re: How to choose an IDS/FW MSS provider

[Ron Gula <rgula () tenablesecurity com>]

I've been reading this thread and I think it is pretty good, but
wanted to make some random comments ...

- Don't pick the MSSP which will put you out of a job. If they are
  that good, you need to be prepared to give up tweaking your IDS
  rules, and be much more focused on management.

- If you are doing a bake-off, a real good way to remove the
  wanna-bees is to turn off the sensor and see who calls first.
  You'll get two groups, the ones that call right away and the
  ones that call next week.

- try and visit their NOC or operations center on Microsoft
  Tuesday. Don't tell their sales person that you want to visit
  on 'MS Tuesday' specifically though. If you show up and there
  is pandemonium, that could be bad.

- Ask the MSP their stance on patching third-party vendor products.
  For example, MSP deploys product XYZ with a management console
  that has something like MySQL in it. When patches for MySQL are
  available, who deploys them - the vendor, the MSP or is it up to
  you?

- There are some great MSPs out there, and there are many which
  will be acquired, go out of business or decide to get into the
  product business. Make sure your purchasing and legal department
  understands exit scenarios for the MSP of choice.

- Make sure your MSP has fully supported licenses for the products
  they manage if they are commercial products.

I'm sure there are more thoughts that folks can throw into this
thread.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
http://www.nessus.org







--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------