Mark,
#Just curious if anyone on the list has subscribed to these type of
#services
#or what they think of online security vulnerability services. I have seen
#several companies over the last few months advertise this type of service
#for large organizations. I see the value but in order for this type of
#service to be effective, one has to inventory or profile their network
#which could be very time consuming. Also then how would this type of
#organization's information be stored? How would the information be
#handled? Who would certify that the information wouldn't be taken or
#copied due to some upset employee?? Maybe it is me, but I don't get it

I have had the same questions about these services as well. Some
other questions I have are who they are hiring and what their skillsets are.
We all know how tight the job market is right now and I suspect they are
hiring new people right out of college who are just taught how to run some
tools. I would like to see an example of the kind of report they give you.
Are they just running ISS scanner having it create a fancy little report
and throwing the top ten SANS vulnerabilities at the bottom? Granted, they
at least save me the time of running the scan myself but how much is that
worth? Are the people hired by these companies capable of doing some
in-depth analysis of my network or are they just starting out in network
security? My fear is that these companies will hire less qualified people
because that will increase their profit margin and I will not be getting
the service I need. I started out working for a firewall vendor and I
remember how woefully inexperienced I was. At least it only took me two
months to learn everything there is to know about network security ;-)

Regardless of how they store the information on your network, there
still needs to be some access granted. A company like this would have to
have a pretty stringent hiring process and background check at the minimum
as well as good logging of who accesses client company information. I
suspect that they could be held liable if information they have on your
network is used to break into your network. I thought NetworkICE offered
those types of services as well as their Intrusion Detection products. If
not it would be a good field for you guys to get into. You could progress
from vendor support to installs to intrusion detection consulting. A good
way to capitalize on existing talent.
Regards,
Jeffery Gieser