IDS mailing list archives

Metrics when comparing MSSPs


From: Bob Huber <roberthuberjr () yahoo com>
Date: Tue, 29 Mar 2005 10:33:11 -0800 (PST)

Attached are some scoring metrics I have used before
when reviewing MSSPs.  Keep in mind that these metrics
are only part of the equation and are high level.  You
should also have a section around legal, procurement,
pricing, specific SLAs, account mgt and financials of
the company.

Sorry for the format...

Bob


                
Scoring:
0   Unacceptable
25  Below Requirements
40  Slightly Below Requirements
50  Meets Requirements
60  Slightly Exceeds Requirements
75  Exceeds Requirements
100 Optimal Response


Bullet  Section                                                                 Weighting  Sub Weighting  Participant Scores
                                                                                                          1     2     3

        Analysts and Training                                                   15%
1       Staff Composition                                                                  20%
2       Support Team                                                                       10%
4       Analysts Location                                                                  10%
5       Analysts experience                                                                30%
6       Background checks on Analysts                                                      10%
7       Certifications                                                                     20%
Sub Total                                                                                  100%

        Monitoring Procedures                                                   20%
1       Analysts Monitoring Procedures                                                     25%
2       Key Operational Process                                                            25%
3       IDS Sensor Operational?                                                            25%
4       False Positive and False Negative minimization                                     25%
Sub Total                                                                                  100%

        Reporting                                                               15%
1       Customer Access to Data Repository                                                 20%
2       Trending Capabilities                                                              25%
3       Data Downloadable                                                                  15%
4       Ability to Monitor and report during an Attack                                     15%
5       Availability Reporting                                                             15%
6       Executive Summary Reporting                                                        10%
Sub Total                                                                                  100%

        Correlation and Response Capabilities                                   20%
1       Is firewall data available for view in the customer portal?                        15%
2       Handling of multiple data sources (IDS, FW, VA, etc)                               15%
3       Correlation of Vulnerability Assessment data against attacks.                      10%
5       Correlate Info. From Multiple Sources                                              20%
6       Use of cross-client data for trending/identification of new attacks.               20%
7       Ability to alert entire customer base via multiple, automated methods              20%
        (email, phone, etc.) of impending new activity
Sub Total                                                                                  100%

        Service                                                                 20%
1       Adequacy of analyst dashboard and tools for event analysis                         10%
2       Adequacy of client web portal                                                      10%
3       Standard SLA                                                                       10%
4       Vendor Updates                                                                     10%
5       Update Testing                                                                     5%
6       SLA for device config. Or Device Info.                                             10%
7       Early warning Data                                                                 10%
8       Custom Escalation Procedures                                                       10%
9       Managed/Monitor or Monitoring Only Offerings                                       10%
10      Migration to Standard Services                                                     10%
11      Legal Dispute                                                                      5%
Sub Total                                                                                  100%

        Architecture                                                            10%
1       Description/Diagram of Transport Infrastructure                                    30%
2       Redundant Locations                                                                35%
3       Support Your IDS/IPS/Firewall                                                      35%
Sub Total                                                                                  100%

        Development/Road Map                                                    10%
1       Product/Service Overview                                                           25%
2       Product Roadmap                                                                    25%
3       Product Direction/Senior Tech Vision                                               25%
4       Development roadmap alliance with Vendors                                          25%
Sub Total                                                                                  100%

        Competition                                                             5%
1       Uniqueness of Service                                                              25%
2       # of RFPs responded to in 12 Months                                                25%
3       % of times short listed                                                            25%
4       % of RFP business Won                                                              25%
Sub Total                                                                                  100%

Grand Total                                                                     100%