In-Reply-To: <422C2FDB.5030404@ecologie.net>
Appears that the discussion is more about selecting a right IDS/IPS solution
rather then selecting a Managed Security Service provider, which was the
question.
When selecting a MSS provider (IDS/FW alike) of course you must be convinced
that the use the right tools/products. Some providers use commercial ones like
Netscreens, CP, ISS,...... others use there own spin-offs or open source. More
importantly is almost how they provide there services, the SLA and operational
procedure agreements, there incident handling capability and of course the
security experience they bring to your company. For example ISS is strong as a
product vendor but is just moving to the market for delivering services. When
selecting a MSS also normal classic outsourcing aspects must be considered.
Since you are outsourcing part of your security monitoring and incident
handling process special care should be taken here. For example there are large
companies or product vendors who "also do security services", but there are
also dedicated MSS companies. Often small specialized companies but with a
large insight in the issues that really matter. Remember, it�s no
t just the product that you buy, it�s about the service and quality of the
monitoring and incident handling that protects your company assets. Everyone
will sooner or later get (there own) products working, that�s not the issue
here. Smaller companies can also better control who is monitoring your networks
and systems. Big MSS providers just have a pool of people monitoring, maybe
even from different SOCs. However some customers require that they must be
convinced that only a limited number of persons are involved providing the
service. My company for example only works with top-level screened security
staff. Therefore we are able to guarantee who is doing what, when and how.
And what about incident handling and response? If something might happen is
your MSS there for Protect & proceed or Pursue & prosecute? Product vendors or
normal IT companies entering the MSS market often lack this experience.
Global market presence is often only limited needed since MSS is only providing
a small part of the total infrastructure. Therefore small MSS companies may
just pickbag on already in place service structures. The MSS services
themselves are completely independent of location.
Author works at a highly specialized dedicated Forensic and MSS company
providing services to global customers and law enforcement.
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
