Network Security Focus-IDS

Re: MSSP / IDS Selection

Subject: Re: MSSP / IDS Selection
Date: Sat, 19 Mar 2005 16:38:56 -0500
If you're still trying to determine whether or not to go with an MSS vs building it in-house, I think you need to look at a number of factors. We find ourselves often recommending our smaller installations to go with an MSS so that they can get the full benefits of an expert staff and the 24 x 7 operations. Larger enterprises typically already have an "expert" staff and can leverage off that to implement their own systems.

But, as you've stated, the costs of going with an MSS sometimes seem a bit overwhelming. But, potentially, the reason for the sticker shock is because of the vendors you've selected to evaluate as an MSP. You picked the big names that everybody knows. At NFR we have a number of providers that we recommend depending on the need of the customer. Some customers don't care about 24 x 7, and don't want to pay an MSS for that type of service. For those customers we often recommend local shops that are often cheaper than some of the big names that you have chosen below.

Perhaps you are looking for the managed IDS without all the bells and whistles to save on cost. Those providers do exist, but you usually won't find them unless you go through the IDS vendor for the recommendation. I notice that NFR was not on your list, but you could easily contact the other IDS vendors you mentioned below and they could probably point you in the direction of some of the less expensive MSPs. You could take one vendor recommendation and then compare those "smaller" MSPs to see how they compare.

On the other hand... if you have the staff, or just want the experience, you could always try doing it in house first. Most MSPs will happily take over an existing install if you later decide to outsource the management of your system.

-dave

KJP wrote:

I have spent much time researching various MSSPs NetSec, Verisign,
Counterpane, and LURHQ for my company.  After much research we decided
to go with Verisign for numerous reasons.  After selecting Verisign we
began narrowing down pricing.  On a monthly level the pricing looks
ok, until you look at it at a yearly level the pricing starts to get
scary.

We looked into doing the same service internally using Snort.  I
remembered the commercial implementation of Sourcefire and began
researching it.  It appears to offer services that Snort does not, RNA
and Defense Center offer the pieces missing from Snort, plus it
packages the support so I don't need to worry about hardware support,
OS support, etc.

What are the opinions of Snort and Sourcefire versus ISS, Cisco,
Enterasys, Symantec?

Thanks in advance.






-- David W. Goodrum Senior Systems Engineer NFR Security 703.731.3765

