Re: How to choose an IDS/FW MSS provider

From: Stephane (stephane.d_at_ecologie.net)
Date: 03/15/05

  • Next message: Sergey V Soldatov: "IDS signatures order" 
    Date: Tue, 15 Mar 2005 09:36:18 +0100
To: focus-ids@securityfocus.com

    >
    >
    >[...]
    >
    >And what about incident handling and response? If something might happen is your MSS there for Protect & proceed or Pursue & prosecute? Product vendors or normal IT companies entering the MSS market often lack this experience.
    >
    >
    >
    How long does Internet Security Systems provide the market with MSS? Is
    it something growing or not? Could you grow without quality?

    For the incident handling response, I am almost sure a serious MSS
    provider has kinda a list of who to call in case of... with sort of an
    escalation path in that list. Maybe an MSS consultant keeping his car
    warm to jump to get to the customer or having a special Delta
    subscription ;-) I'd really trust a company like ISS because of X-Forces
    being behind the signatures and other updates thorugh. Who the hell
    might be better that ISS in terms of IDS experience? If you've got more
    on this, let us know here.

    It looks through the emails that ISS is well known for the apps and not
    yet really for services deliveries. But, just think about a sales guy
    having to sell IDS related apps. If he has got an MSS infrastructure to
    show to potential customers, it looks very good! Of course he can't say
    to the potential customers who are the MSS customers but this grow the
    trust on the apps! Like, we've got 1000 IDS, 1500 firewalls... means,
    2500 customers trust us already! Why not you? or why don't you buy Site
    Protector and Proventia? According to what I've red here, I am not
    surprised ISS is pushing to make MSS growing, it is a question on
    positionning the Site Protector on a market getting more and more
    competitive.

    Also, based on what I've seen on the www, they do manage CheckPoint.
    They are by then neutral-vendor, this is very good in a pure ISS
    commercial prospective and I might not be too surprised if somebody here
    says that they have just customers with a big bunch of CP firewalls
    without any IDS (yet!)

    Regards,

    Stephane

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

  • Next message: Sergey V Soldatov: "IDS signatures order"

    Relevant Pages

    • Re: How to choose an IDS/FW MSS provider
      ... ISS is also one of the leaders to push new developments. ... >the market for delivering services. ... >ISS has more experience in the MSS market than you give us credit for: ... reliability and protection in Managed Security Services ...
      (Focus-IDS)
    • Re: MSSP / IDS Selection
      ... If you're still trying to determine whether or not to go with an MSS vs ... For those customers we often recommend ... Perhaps you are looking for the managed IDS without ... It appears to offer services that Snort does not, ...
      (Focus-IDS)
    • RE: How to choose an IDS/FW MSS provider
      ... A managed solution still presents the same problems that an IDS/IPS solution ... accuracy of an IDS be improved, and this is where local knowledge is a must. ... MSS providers. ... For example there are large companies or product vendors who "also do ...
      (Focus-IDS)
    • Quantcast