Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to choose an IDS/FW MSS provider

from [fuijdancer] Network Security [Permanent Link]
Subject: Re: How to choose an IDS/FW MSS provider
Date: 19 Mar 2005 15:33:02 -0000 
In-Reply-To: <74399981AAC3AC4BAA836846471E76E6ED0E28@atlmaiexcp02.iss.local>

Sorry Paul. I did not mean to say ISS does not do a good job. Their R&D is 
suprb and they are in the business for a long time. ISS is also one of the 
leaders to push new developments. You do earn credit for that. 

However (at least in my experience) when it comes to providing a dedicated MSS 
service, especialy on monitoring (IDS) and incident handling/response 
improvements are certainly possible. Larger service providers (and/or coming 
from a large IDS product vendor background) are often not capable enough to 
integrate with the business of their customer when advanced response techniques 
are called for. To solve this some are offering their services through local 
ICT compamnies, e.g. Counterpane is offering its services using Getronics. 
However the experience of the MSS team is than largly cancelled out by the 
local service delivery inexperience. Small highly dedicated MSS providers, 
focussing on detecting and reaction (thus not managing large numbers of 
firewalls, leave that to the IT departments) are capable of this highly 
integration with the customer.

Nevertheless, the industry needs your R&D and XForce talent to keep everyone on 
the edge of things!

regards,

Sky



Received: (qmail 10218 invoked from network); 16 Mar 2005 21:30:54 -0000
Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) 
(205.206.231.26)
 by mail.securityfocus.com with SMTP; 16 Mar 2005 21:30:54 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])
      by outgoing2.securityfocus.com (Postfix) with QMQP
      id CD0E7144299; Wed, 16 Mar 2005 14:19:48 -0700 (MST)
Mailing-List: contact focus-ids-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <focus-ids.list-id.securityfocus.com>
List-Post: <mailto:focus-ids@securityfocus.com>
List-Help: <mailto:focus-ids-help@securityfocus.com>
List-Unsubscribe: <mailto:focus-ids-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:focus-ids-subscribe@securityfocus.com>
Delivered-To: mailing list focus-ids@securityfocus.com
Delivered-To: moderator for focus-ids@securityfocus.com
Received: (qmail 346 invoked from network); 15 Mar 2005 18:01:09 -0000
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: How to choose an IDS/FW MSS provider
Date: Tue, 15 Mar 2005 12:43:33 -0500
Message-ID: <74399981AAC3AC4BAA836846471E76E6ED0E28@atlmaiexcp02.iss.local>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: How to choose an IDS/FW MSS provider
Thread-Index: AcUpFueHzWQWyEfsT3efERe9drvleQAbvy/Q
From: "Palmer, Paul (ISSAtlanta)" <PPalmer@iss.net>
To: <fuijdancer@yahoo.com>, <focus-ids@securityfocus.com>
X-OriginalArrivalTime: 15 Mar 2005 17:44:53.0381 (UTC) 
FILETIME=[B1B67B50:01C52986]


For example ISS is strong as a product vendor but is just moving to

the market for delivering services.

ISS has more experience in the MSS market than you give us credit for:

"Internet Security Systems (ISS) has been setting the standard for
accountability, reliability and protection in Managed Security Services
since 1995."
 -- http://www.iss.net/products_services/managed_services/

-----Original Message-----
From: fuijdancer@yahoo.com [mailto:fuijdancer@yahoo.com]=20
Sent: Saturday, March 12, 2005 4:10 AM
To: focus-ids@securityfocus.com
Subject: Re: How to choose an IDS/FW MSS provider


In-Reply-To: <422C2FDB.5030404@ecologie.net>

Appears that the discussion is more about selecting a right IDS/IPS
solution rather then selecting a Managed Security Service provider,
which was the question.

When selecting a MSS provider (IDS/FW alike) of course you must be
convinced that the use the right tools/products. Some providers use
commercial ones like Netscreens, CP, ISS,...... others use there own
spin-offs or open source. More importantly is almost how they provide
there services, the SLA and operational procedure agreements, there
incident handling capability and of course the security experience they
bring to your company. For example ISS is strong as a product vendor but
is just moving to the market for delivering services. When selecting a
MSS also normal classic outsourcing aspects must be considered. Since
you are outsourcing part of your security monitoring and incident
handling process special care should be taken here. For example there
are large companies or product vendors who "also do security services",
but there are also dedicated MSS companies. Often small specialized
companies but with a large insight in the issues that really matter.
Remember, it's no  t just the product that you buy, it's about the
service and quality of the monitoring and incident handling that
protects your company assets. Everyone will sooner or later get (there
own) products working, that's not the issue here. Smaller companies can
also better control who is monitoring your networks and systems. Big MSS
providers just have a pool of people monitoring, maybe even from
different SOCs. However some customers require that they must be
convinced that only a limited number of persons are involved providing
the service. My company for example only works with top-level screened
security staff. Therefore we are able to guarantee who is doing what,
when and how.=20

And what about incident handling and response? If something might happen
is your MSS there for Protect & proceed or Pursue & prosecute? Product
vendors or normal IT companies entering the MSS market often lack this
experience.=20

Global market presence is often only limited needed since MSS is only
providing a small part of the total infrastructure. Therefore small MSS
companies may just pickbag on already in place service structures. The
MSS services themselves are completely independent of location.=20

Author works at a highly specialized dedicated Forensic and MSS company
providing services to global customers and law enforcement.
=20

------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from=20
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] RE: Snort and Mysql for statistics purposes, Bénoni MARTIN
Next by Date:  Re: How to choose an IDS/FW MSS provider, fuijdancer
Previous by Thread:  RE: How to choose an IDS/FW MSS provider, Jason Baeder
Next by Thread:  Re: How to choose an IDS/FW MSS provider, fuijdancer
Indexes:  [Date] [Thread] [Top] [All Lists]