RE: [fw-wiz] Managed Firewall Service - Opinions

From: Paul D. Robertson (proberts@patriot.net)
Date: 04/21/03

    From: "Paul D. Robertson" <proberts@patriot.net>
    To: "Melson, Paul" <PMelson@sequoianet.com>
    Date: Mon, 21 Apr 2003 11:19:20 -0400 (EDT)
    

    On Mon, 21 Apr 2003, Melson, Paul wrote:

    > > There are two purposes, the first, and main is *operational*
    > > outsourcing. 24x7 coverage, alerting, event interpretation and
    > > reporting, platform maintenance, etc. The second is being able to
    > > ask "what's the best way to do $foo?"
    >
    > Alerting and event interpretation sound like risk analysis tasks to me.

    Not really, they're more operational tasks than analytical tasks. Way
    more math goes into a real risk analysis than "Hmmm, that looks bad, I
    should call someone!"

    > If your service provider isn't doing some form of risk analysis based on
    > their knowledge of your environment and the Internet in general before
    > contacting you, then you could probably replace them with a software
    > product, yes?

    Not really, again, as I see it, it is more of an operational outsourcing
    than a knowledge outsourcing (or more properly, the knowledge piece is
    really more operational than policy-based.)

    > > Anyone who expects magical insight is fooling themselves at the price
    > > points MSSPs charge. A full security service looks at a heck of a lot
    > > more than just the firewall ruleset (and costs a heck of a lot more
    > > than managed monitoring of one or two devices.)
    >
    > I couldn't agree more. If you read back to the beginning of the thread,
    > I gave this exact piece of advice to Frank when he first broached the
    > subject. It's important to work with a vendor that brings more to the
    > table than just "a few guys that can write access-lists." I guess
    > because I work for the latter, I failed to distinguish between a service
    > provider that only makes requested changes to the firewall and one that
    > manages the firewall in conjunction with a bevy of other security
    > services.

    Outsourcing operational management is different than outsourcing or
    "teaming" or whatever other buzzword you want to use for a larger security
    service. For people who just want to outsource their firewall/IDS stuff,
    the expectation that some magic security bunny is going to hop over their
    ruleset changes with a risk picture isn't a good expectation to set.
      
    Telnet to a *nix box running Solaris 4.3 is something completely different
    from telnet to a well-managed mainframe for access to public real estate
    data.

    "A bevy of other security services" costs a bevy of more dollars, and
    requires a significantly larger trust extension. Plugs like that aren't
    relevant to the thread, and I'll actively resist responding to them
    directly on list[1].

    Heck, I don't think most internal company firewall administrators are
    given enough insight into the business to understand the risk implications
    of the changes they're asked to make.

    Real risk analysis is a structured and somewhat invasive process that
    requires a lot more insight into a company's network, culture, policies,
    operational levels, business, growth strategy, etc. than folks contracting
    firewall management and monitoring tend to get.

    Paul
    [1.] My employer competes in this space, and I moderate the list, I'll be
    more than happy to respond off-list, but marketing-ish slants aren't
    appropriate here.
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

