Managed Security Monitoring Services vs In House Monitoring
alvin at maggie.linux-consulting.com
Tue Feb 25 16:25:40 PST 2003
hi ya jeff
On Tue, 25 Feb 2003, Jeff with The Big Yellow Suit wrote:
> I'm working in an environment in which security is ..um..deficient,
> and I'm going to be tasked with putting together a plan to
> tighten things down, and I'm considering between outsourcing
> the job of intrusion detection versus doing it in house.
by my definition, an outsourced "security and ids" is already
a breach of security ... period ..
- unless that outfit carries e/o insurance for say
enough to cover damages and losses from a breach
from hackers and other un-permitted activities
( insurance like what counterpane carries in the $xxxM
( when they do some security work
> The primary limitation in doing this is likely to be brain
> cycles. Quite simply the staff is stretched far too thinly,
you really do not want "brain cycles" to do monitoring ( very bad idea )
but you really do want brain cycles to define the security policy
and how people and machines get to do certain tasks
-- everything should be automated ... not brain cycles ..
- brain cycles goes on vacation
- brain cycles gets sick
- brain cycles go home after 8 hrs
- brain cycles gets distracted for other things
- brain cycles are only as good as they wanna be
...
- a good hacker/cracker just needs a few seconds/minutes
to do what they need ... ( but depends on what it is that
we're trying to prevent too vs recover from said activities )
> they are not historically very good at the daily care
> and feeding of complex beasties. I envision any sort of
> inhouse system going in with a bang and then languishing
> for lack of updates and passion. I've seen it happen too
> many times.
fairly easy to install host ids and network ids
- lots of tools out there
http://www.Linux-Sec.net/IDS
( similarly for auditing tools and monitoring tools )
-- i prefer my custom tools that md5 all the stuff
i care about
> For those reasons I'm leaning heavily towards outsourcing.
> The obvious candidate is Counterpane, but I'd like to get
counterpane carries e/o for encryption technology etc
and not sure if they also have the same for ids type of security
> people's feelings about this, and I'd also like to scare up
> a list of services doing similar things. Any help and or
> horror stories would be appreciated.
c ya
alvin