Smoke and mirrors has been an issue with Managed Security Service since the
early 90's. also Buyer beware. How do you the person sitting back
watching the screens is actually a bonafide security type person and not
some person who got hired because they should up at DefCon and impressed
someone with their Pez collection (true story).. :) A lot of the debunking
is not the actual alert but really happens behind the scenes to determine
if one or many alerts are actually valid or not. Each environment can
generate their own typical noise or discard that normally traverses the
network on a daily basis. It is the MSP's job to sort through the noice or
discard and actually call the customer to tell them that their is an actual
intrusion or possible intrusion. Now this whole process seems a bit tedius
and the folks at ADT can probably provide better statistics on false
positives than an a MSP can, but back to the point, what value does an MSP
like DigitalMojo provide when if you read between the lines, they actually
outsource to other MSPs..
/m
At 04:27 PM 6/27/2001 -0500, Ron DuFresne wrote:
>smoke and mirrors has been one of the issues with managed service
>providers and especially managed security providers for sometime. Just
>becuase they may sell you a service for IDS does not mean alot if the IDS
>is setup on the exterior of the network and they are constantly alerting
>you and your staff of 'intrusion detections' 30-500 times a day. In fact,
>it tends to devalue such 'warnings' to the point folks tend to just start
>routing those reports to the trash bin. Thourough reading of contracts in
>such outsourcing aggreements is a must, as well as *understanding* what
>those contracts are really saying.
>
>Thanks,
>
>Ron DuFresne
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
