RE: CRIME Checkpoint versus Sonicwall

From: Andrew Plato (aplato@private)
Date: Fri Aug 30 2002 - 19:14:56 PDT


    > -----Original Message-----
    > From: Crispin Cowan [mailto:crispin@private]
    
    > I'm not sure, as I don't understand the Anitian solution:
    > 
    >     * If it is occasional log inspection (as Wil Cooley described his
    >       service) then that's just dandy; it is cost-effective.
    >     * If it includes a NIDS, which is only monitored occasionally, then
    >       the NIDS is a waste of money, and should be dumped.
    
    The best way to describe our service is "periodic maintenance, optimization, and analysis of security systems such as firewalls, IDSs, virus scanners, operating systems, etc. In addition we offer on-site forensics, tuning, and vulnerability auditing."  
    
    NIDS may be a PART of the service. It depends on what the customer has or wants. IDSs need regular maintenance, optimization, and tuning to remain effective and useful. Moreover the data these systems produce needs to be reviewed periodically for trends, issues, etc. 
    
    Part of the service may also include tuning and optimizing IDSs to alert IT admins via pager, email, etc. to potential intrusions. Hence providing 24/7/365 coverage via the native features of the IDS technologies themselves. 
    
    That's the service. 
    
    The service is NOT:
    
    24/7/365 instantaneous response 
    24/7/365 human monitoring
    
    However, if you want me to monitor your systems 24/7/365 - I'd be happy to hook you up with a data-center that can do that. 
    
    Another way to think of it is that it fills the rather large gap between 24/7/365 MSSPs and NOTHING. And since most companies have NOTHING and cannot afford full-time MSSP or do not feel comfortable with the off-site data transfer, I think our service has a pretty large market.  
    
    Now get this - I have one customer that uses an MSSP *AND* our services. In a sense, we're the on-site tuners and the MSSP just does the 24/7/365 monitoring. 
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 19:52:55 PDT