Re: Managed Security Providers (Who do IDS & Firewall Monitoring and Blocking)
From: Misha (misha@equinox.alluvium.com)
Date: 01/31/02
Date: Wed, 30 Jan 2002 17:02:03 -0600 (CST)
From: Misha <misha@equinox.alluvium.com>
To: Mike Shaw <mshaw@wwisp.com>

> day for every freakin' nimda false positive? If not, how are they going to
> know what a real intrusion attempt is?

That's one of the key benefits of outsourcing security monitoring. Your
MSSP should be weeding out real alerts from false positives, and be able
to escalate the problem to you according to your security policy. Not
every problem needs to be escalated in real time, and there are ways to
tell whether an IDS alert is a false positive or not without having to
contact someone.

I also do not necessarily believe penetration tests are a good measure of
effectiveness of an MSSP. For a lot of the companies a penetration test
consists of paying someone to run a commercial security scanner, which
readily identifies itself in the scan. Most IDS analysts I know would
simply disregard that as trolling, and would not make it an issue
warranting a wake up call in the middle of the night. Actively
participating in security monitoring and auditing the MSSP's work is much
more useful, although not nearly as flashy.

> For $6000/month you're getting close to being able to hire your own
> competent security engineer depending on where you are. Someone with hands
> on job responsibility and a real stake in the security of your network.

I have worked with companies that had fully staffed security departments,
along with several compromised hosts on the network. No one knew they were
there. I wouldn't say their security people were stupid, they just had
other things to do most of the time.

Having someone on the payroll does not necessarily mean they are competent
to have a real stake in the security of your network. Nor does it mean
that a single security engineer can cover your network 24/7. MSSPs can
offer a way to deal with this, and this has nothing to do with a really
nice looking NSOC.

Misha