Firewall Wizards mailing list archives
RE: Managed Security Metrics
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 7 Mar 2001 11:23:48 -0500 (EST)
On Tue, 6 Mar 2001, Mike Smith wrote:
I'm looking for a service provider that covers more than firewall management; it should offer internal IDS, anti-virus, content filtering (incoming and outgoing), etc. Down the road, I may look for services like password management, PKI management, maybe even integrated physical security.
With the BIGTIME <tm> provider I was with, all the above except the simple FW mgt. was added cost. And things like 'internal' IDS would require a special agreement, as we placed them devices on the exposed side of things and they functioned in such a noisey manner the data they spewed was pretty much worthless for any decent metrics. Of course, I do think the biggest problem was the lack of skilled folks to determine what actually it was they saw in logs and the like. The caution here being; not all the folks watching your devices are going to be equally skilled and adept. I';d say out of 30+ we had maybe 3-4 with real clues, the others learned on the fly, not to say they were not fast learners...
My research tells me the SLA is the main way to tell what I'm getting for my money and to compare providers. I expect the provider to have a service that implements my security policy (after we jointly review, and update if necessary, that policy to make sure it's appropriate and supportable with the provider's offering; I expect the provider to give advice in that area as part of the service).
Of course we implemented *your* sec policy, in fact cause so few had a clue, if you wanted to do something stupid <tm> most would certainly let you turn your firewall into a router, or worser. Advice was a totally different matter, as in lacking...
The SLA is also my contract. It defines "good" service, and ideally defines rebates (to me) or penalties (to the provider) if the service isn't "good." But "good" has to be objective and the provider has to be able to demonstrate that it was "good" during a given reporting period.
Again, we found the metric of most concern was uptime, outages of anysort, whether justified or not, were the only real issues we ever saw. Of course this tended to reflect the clue level of the clients. Again, I offer these words as advice, because we were not a small time proivider <tm> nor new to the game, we managed your pipes, your network on the whole, or your perimiter, whatever you had the bucks to outsource, we probably did. Did that make us the best <tm>? Not from were I sat it didn't. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Managed Security Metrics, (continued)
- Message not available
- Re: Managed Security Metrics Marcus J. Ranum (Mar 06)
- IP Spoofing and counter measures Tib (Mar 09)
- Re: IP Spoofing and counter measures Ryan Russell (Mar 11)
- RE: Managed Security Metrics Bob . Eichler (Mar 05)
- RE: Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics Adam Shostack (Mar 06)
- RE: Managed Security Metrics R. DuFresne (Mar 06)
- Re: Managed Security Metrics shawn . moyer (Mar 06)
- RE: Managed Security Metrics Mike Smith (Mar 06)
- Re: Managed Security Metrics Adam Shostack (Mar 09)
- RE: Managed Security Metrics R. DuFresne (Mar 09)
- RE: Managed Security Metrics Crumrine, Gary L (Mar 07)
- Re: Managed Security Metrics Jack McCarthy (Mar 07)