>> Which is exactly why Anitian started an on-site managed security >> service. Most firms cannot afford a full-time analyst, so one of ours >> can come in once a week (or once a month) and review all the logs and >> look for trouble. >That's hilarious. So an attacker could have 0wned you 3 weeks ago, and >then the Anitian service tells you about it. Oh good :) No, the IDS and/or firewall settings we established tell you about it right away. We merely provide the on-going maintenance, support, and analysis of issues to detect and track more subtle intrusions and help the customer make the most out of their security investments. For example, one thing we do is scan through firewall logs looking for tell-tale signs of reconnaissance or odd-late-night behavior. Might be nothing, might be a hack - but at least *somebody* is keeping an eye on this stuff. >Why bother paying for IDS at all if you're only going to look at it >weekly or monthly? That's absurd. The amount of potential damage that >can occur in a week or a month is huge; of what use is such a service? I wouldn't expect this service to appeal to somebody like you, Crispin. Many small to medium-sized organizations do not have the resources or the experience to analyze the logs and output of IDSs, OSs, or firewalls produce on a regular basis. Our service was designed to offer these places expert help and peace of mind. To make sure everything is running and working at optimal efficiency and capability. There is a lot of peace of mind and value having experts on-site regularly to give all the systems a "check up." Besides, I think customer service is important and it is something that is sorely lacking in the security world. One of the largest problems with managed security is that you have to send your security data off to some far-away data center. You have no idea who is looking at this data. It could be a hacker, who was hired for $5.00 an hour on contract. Our service doesn't require any remote access. Our customers get to meet and work directly with the analysts who are helping them. I know that I feel a lot more assured when I can meet face-to-face with the people who are helping me protect my network. Considering the overwhelming support and interest we have received regarding this service, I think we're on the right track. ----------------------------------- Andrew Plato, CISSP President / Principal Consultant Anitian Corporation (503) 644-5656 office (503) 201-0821 cell http://www.anitian.com <http://www.anitian.com/> ------------------------------------
This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 15:10:25 PDT