Re: Managed Security Providers (Who do IDS & Firewall Monitoring and Blocking)
From: Andrew Plato (aplato@anitian.com)
Date: 02/01/02
Date: Thu, 31 Jan 2002 20:23:59 -0800
From: "Andrew Plato" <aplato@anitian.com>
To: "Focus-Ids (E-mail)" <focus-ids@securityfocus.com>
> 1. What are your thoughts concerning whether or not the MSSP
> is actually paying attention to the defense of a customer
> network 24/7/365?
They pay attention, but not just to you. One problem with MSSP is that
they tend to hire marginally qualified people, train them, and then
expect them to watch a ton of customers. They may catch an intrusion,
but they usually cannot do much to help you beyond a simple
notification...which a centralized IDS system could do the same thing
and you would control the information it contains.
> 2. What are your thoughts as to the MSSP's ability to defend
> my networks when they aren't really a part of my business,
> and, hence, have a very limited understanding of my
> individual organization's security threats, issues, and
> needs.
The fact is they are going to make a lot of assumptions about your
network and your business. Some of those assumptions will be fair, many
will not. Also, since staff turns over regularly, you have no real way
of knowing if the guy at the console is a wonderstud security guru or a
temp they got from Kelly Staffing.
An MSSP is never going to be deeply involved in your security
infrastructure...they can't. They're a separate entity and they'll never
know your network as well as you.
The fact is most of the things an MSSP does (vulnerability auditing,
intrusion detection, firewall analysis, etc.) you can do yourself quite
easily. There are numerous technologies you can buy (or get free) and
customize for your exact environment. Then when there is an incident,
you can begin to make an immediate determination on how to respond.
Moreover, you can begin to store up local records of security
information. That way if something does happen, you have the records of
the event. You're not at the mercy of some MSSP.
> 3. What are your thoughts on an MSSP to actually succeed in
> business when they are only charging me $3000-$6000 per month
> to secure my borders, AND they have to pay attention
> 24/7/365, AND they tell me they will know and understand my
> network, AND they tell me that they possess top notch,
> industry-leading talent (bearing in mind that they probably
> have to pay that talent very well)? How many top notch
> people can they afford to hire and spend on MY network at
> $3000-$6000/month... or do they mean that the top notch
> talent will spend part of its day on my networks and part of
> its day on X numbers of other customers.
The fact is they can't support a team of top-notch talent. They maybe
have one or two top notch people and a lot of drones. Most firms are
structured that way.
I think MSSPs are a good idea that just does not translate well into
reality. It's trying to be too many things to too many different
organizations. They also are not making much money.
Theoretically, if an MSSP had 100 customers at $5000 a month, they could
be making $500,000 a month. That would easily cover a staff of 30 or so,
a high-tech data center, and all the support overhead needed. The
problem is that most are lucky to have 5 customers, and as such are
scraping by at a mere $25,000 a month, which will barely cover their
rent. So they have to cut costs somewhere. They need a sales force and
they need that fancy data center to parade you through - so guess where
the cuts are made? Staff.
> 4. How many of you honestly feel that the technology in
> place today is of a caliber to protect my network the way
> they say it will (I'm sure there are all sorts of technical
> things to consider on this last one, so please list anything
> you feel is pertinent)?
Oh, the technology exists. It's just: do you want to control it, or do you
want to hand it to some third party to handle?
Outsourcing is a great idea for technical documentation or web site
design. There is inherent value in hiring a firm that specializes in
these non-core functions. But security? I would not feel safe handing
over the security of my firm to a third party. I would want such things
managed in-house where I can keep an eye on things.
One of the other problems is also response. Yeah, they can send you a
page or an email saying there is a problem, but are they going to fly a
consultant out to fix the problem?
One option to consider is locating a local (or nearby) security expert
who can help guide you through the process of installing, integrating,
and managing your own security infrastructure. Naturally this is what I
would encourage you to do...because it's what I do. :-)
Seriously, a lot of this work you can do internally. With some
training, support, and the right tools you can have a very capable
security infrastructure that you manage yourself. And if necessary,
spend $5000 a month to hire a person who can monitor and manage the
system for you. Over the long haul, you'll have a more effective system.
------------------------------------
Andrew Plato
President / Principal Consultant
Anitian Corporation
http://www.anitian.com
------------------------------------