The problem with offering incident response along with IDS/monitoring is credibility. If you conveniently fail to detect the intrusion, or you detect it too late, and then you come stomping in after the fact to bill a ton of hours, how does that make you look? If you guys have any good solutions to that issue, I'd love to hear about them. -gabe On Wed, Aug 23, 2000 at 09:58:32PM -0500, Frank Knobbe wrote: > That's how see it too. However, one can argue that if they are cheap > enough, why not hiring them instead of a security administrator for > some cost savings? (Ignoring any technical issues for this argument) > Also, if they could provide some service beyond just monitoring and > alerting (i.e. immediate incident response), then they might be > something to consider. > > Is anyone reading this considering such a service? I would like to > hear some opinions from people that either have this services or are > seriously considering it. > > > BTW: Reading one of Mark's earlier emails, it looks like he was > talking about something else, not monitoring services. Mark, do you > mind if we borrow this thread? ;) > > Regards, > Frank > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Personal Privacy 6.5.1 > Comment: PGP or S/MIME (X.509) encrypted email preferred. > > iQA/AwUBOaSPWERKym0LjhFcEQLl0wCcC0t/1mUcGJwIG8WXXW2H1Di2yX4AnA37 > XERynyY4ao9qCEGFQmwOpfow > =wL4W > -----END PGP SIGNATURE----- > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
