A little off base, going from MSP managed an organization's corporate security to monitoring the end-nodes users. A majority of the MSP do not offer that kind of granularity unless a customer is willing to pay lots and lots of dough, therefore allowing the MSP to staff itself with more than 5 people for 7x24 coverage.. Remember design for 10, but seat 7 is always a MSP model to monitor up to 30 customers at a time. :) At 11:24 PM 6/27/2001 +0100, Greg Sheard wrote: [Full Disclosure: I work for a security firm. One of the things we sell is managed systems.] From public data, most huge companies either get a huge company to do their security (BT, IBM, etc) or get a huge team of skilled professionals to permanently keep an eye on things. Most big (so not huge... never been good at talking!) companies will tend to have a small team within their MIS department. Then you get down to the SMEs. Any SME who wants to use email in the workplace now virtually always has an always-on connection of some kind, even here in the UK. The usual best-case scenario is a Windows 2000 box serving Internet. Occasionally there's a router with access-control. Something like 95% of SMEs in the UK have no real security. Unless they're on the large side, they probably can barely afford an IT guy at all. In their shoes, would you drain money with another salary or pay comparably little (a tenth as much?) for somebody to manage your systems? OK, so I'm only a geek, not a suit. Even so, seems plain to me. Just my $0.001 (I'm told I'm ten a penny...) Greg. Zachary Uram wrote: > i don't understand what someone would rely on an outsider to > manage their security structure? > it seems this is best handled on the inside (with firewalls, IDS, > etc..). and if you are just one of many customers won't you get > less intense/frequent scrutiny than if you had your own dedicated > security staff person whose job is to manage your network > security? Greg Sheard Senior Associate ECSC Ltd The information in this email is confidential and legally privileged. It is intended solely for the addressee. Access to the email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken upon reliance on it, is prohibited and unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing ECSC Conditions of Service. The contents of any attachment may contain viruses. Whilst ECSC has taken reasonable precautions to minimise risk we cannot accept liability for any damage you sustain as a result of software viruses. You should carry out your own virus checks before opening any attachments. _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls