The answer to this has always been automation, whether it's automation
of log analysis, alarms/traps, and/or on the fly packet header monitoring.
When an alarm occurs, the SOC gets alerted and an escalation procedure
begins. This is standard practice. You don't have senior engineers monitoring
systems 24 x 7 but you damned well better have them available when something
real happens.
On Thu, Jun 28, 2001 at 12:14:13PM +1000, Saso Virag wrote:
[snip]
> Bill,
>
> I am terribly sorry, but I just don't see how it would be economical for
> an MSP to have professional IT security guys watch numerous screens where
> new alerts pop up all the time, unless those professional IT security
> guys come 20 cents a dozen.
[snip]
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
