RE: Managed Security Providers (Who do IDS & Firewall Monitoring and Blocking)

From: Scott Tousley (stousley@genuity.net)
Date: 01/31/02 

From: "Scott Tousley" <stousley@genuity.net>
To: <opiniontaker@hushmail.com>, <focus-ids@securityfocus.com>
Date: Wed, 30 Jan 2002 18:37:26 -0500

Excellent questions, near and dear to my heart. Two thoughts for the
audience:

1) MSSP's are paying attention to your issues...some with more
effectiveness than others, of course. The jury's still out on the right mix
of service offerings, product set, integration of all this, etc., but it is
a worthy business and management challenge. Increasingly, we are supporting
customers out to the scale of supporting their own security audit programs
(because we are inescapably part of what must be defined and checked), which
I think reflects the integration challenge between you and your MSSP(s).

2) I think an enterprise IT manager/chief security officer/CIO should go
with MSSP's, but intelligently. Don't end up relying on one provider or one
technology, and outsource things that are both cost-effective and complement
your own IT strengths and abilities. From our perspective, the best
customers are the sharpest ones, that treat us as an extended part of their
IT staff and complete security environment. Go with logical outsourcing
options based on your own criteria, and stick with your evaluation process
to decide how to adjust the outsourced effort going down the road.

Scott Tousley
Operations Security,
   Genuity

-----Original Message-----
From: opiniontaker@hushmail.com [mailto:opiniontaker@hushmail.com]
Sent: Tuesday, January 29, 2002 7:29 PM
To: focus-ids@securityfocus.com
Subject: Managed Security Providers (Who do IDS & Firewall Monitoring
and Blocking)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

I've been looking for a managed security provider as of late--and in doing
my research and talking to sales people and such, I come off with the huge
worry that even though I am walking into what *looks* to be a sexy facility
(the MSSP's NOC site) and talking to what *looks* to be very smart and
dedicated people (the MSSP's analysts and engineers), all I've been given in
the end is a very big show trying to get me to spend money without regard to
giving a damn about my organization's security. As professionals in the
field, I am asking your opinions on managed security providers. I ask based
on the following criteria:

1. What are your thoughts concerning whether or not the MSSP is actually
paying attention to the defense of a customer network 24/7/365?

2. What are your thoughts as to the MSSP's ability to defend my networks
when they aren't really a part of my business, and, hence, have a very
limited understanding of my individual organization's security threats,
issues, and needs.

3. What are your thoughts on an MSSP to actually succeed in business when
they are only charging me $3000-$6000 per month to secure my borders, AND
they have to pay attention 24/7/365, AND they tell me they will know and
understand my network, AND they tell me that they possess top notch,
industry-leading talent (bearing in mind that they probably have to pay that
talent very well)? How many top notch people can they afford to hire and
spend on MY network at $3000-$6000/month... or do they mean that the top
notch talent will spend part of its day on my networks and part of its day
on X numbers of other customers.

4. How many of you honestly feel that the technology in place to day is of
a calibur to protect my network the way they say it will (I'm sure there are
all sorts of technical things to consider on this last one, so please list
anything you feel is pertinent)?

Thanks very much--you're answers will mean a lot to a very conflicted IT
manager!
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmEEARECACEFAjxXQMEaHG9waW5pb250YWtlckBodXNobWFpbC5jb20ACgkQS5PsFnfk
MPY70gCfbV2SyitfdZBRsNjF3O+Cp/yO6fMAnjYnd6CeKzNqJIm1MGssNoBrfn5Y
=EEsM
-----END PGP SIGNATURE-----