To: [EMAIL PROTECTED]
Subject: CDR: Trust me with your company, I'm Bruce Schneier.
From: Matthew X <[EMAIL PROTECTED]>
Date: Tue, 24 Sep 2002 09:30:40 +1000
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

EXTRACT

According to industry researchers at Giga Information Group, there are more than 80 MSS providers in the United States operating nationally - down from 125 last year - a figure that analysts expect to drop to 60. So you should choose wisely if your security provider goes belly-up.

When it comes to picking a provider, the managed security label can be misleading since it encompasses a variety of services, from one-time vulnerability assessments to 24-hour network monitoring. Some companies that call themselves MSS providers are actually only product resellers.

Steve Hunt, a research analyst with Giga, says there are six categories of MSS:

· On-site consulting to develop a security plan and infrastructure.
· Vulnerability testing.
· Product sales of security hardware and software.
· Remote perimeter management, which involves installing, configuring and managing a virtual private network.
· Network monitoring, a 24x7 service to watch network traffic for suspicious activity and intrusions.
· Compliance monitoring to ensure employees comply with company policies.

Some providers offer a single service, others a smorgasbord. Costs can range from $US250 ($A474) a day for consulting to $US12,000 a month for network monitoring.

Small Sydney provider Kyberguard, for instance, has 50 clients including Nippon Telephone and Telegraph and international engineering group Montgomery Watson Harza. It charges $250 a month for small companies, which includes the cost and installation of a firewall and IDS hardware as well as 24-hour monitoring of perimeter activity. For 100 to 150 employees they charge $950 a month for hardware and monitoring of internal-external traffic. They also install and configure VPNs.

Canberra-based 90East, which has offices around the country, charges $7000 to $10,000 a month for network monitoring. It also offers server hosting and VPN services. The company is new to the commercial market after securing government systems for several years. The founders were government contractors who built a complex firewall system for federal agencies, then formed 90East when the government decided to outsource security. Their clients include 35 federal departments, state governments and legal firm Minter Ellison. The company recently acquired Application Service Provider Peakhour.

Giga's Steve Hunt says that before choosing any MSS, you should assess your business risks and needs to decide what you can do in-house and what you should outsource. But no company should hand over all security to an outsider.

Greg Nelson, information security manager for chip maker Advanced Micro Devices, says companies should retain control of security management. "You can outsource specific tasks but you can't outsource responsibility for the security of your company," he says.

Bruce Schneier, founder of United States network monitoring service Counterpane, recommends outsourcing labour-intensive tasks such as vulnerability assessment, network monitoring, consulting and forensics.

FROM http://smh.com.au/articles/2002/09/24/1032734104214.html