maybe it is a mute point because most non-Fortune 500 placs I know of don't want to or don't feel it is warranted to spend the cash on a local security guy OR a MSP. it depends on the context. some smaller places may have a security guy of their own who could rival the service these large MSP's provide. as you said they look for patterns etc. they can't/aren't motivated to spend the same time or intensity a local person may be able to give (IF QUALIFIED). a bad MSP is no better than a bad local guy. a MSP shouldn't be the sum total of one's security policy. On Wed, 27 Jun 2001, Bill Royds wrote: > Which would you rather have watching your network security? > Your local IT jack of all trades who spends most of her day recovering >deleted Word files? > or > pay a professional IT security guy to watch your network connection (and >100 others to catch patterns) 24x7. > > For anything under a government department or Fortune 500, that is your >choice. > > A good Managed Security Provider will work with a client to develop a >security policy, establish the security needs and procedures, and provide the >personnel support to achieve this. For some companies, it might mean a regular >staff person during working hours who handles policy and local support, with a >MSP providing management outside of office hours, installation and hardening >and installation of patches and monitoring of alerts. > > A firm should be able to work out a service contract that fits the firms >needs. Most firms are not in the IT business, so the security expertise is >certainly not in-house.. > > > -----Original Message----- > From: firewalls-admin@pluto.gnac.com > [mailto:firewalls-admin@pluto.gnac.com]On Behalf Of Zachary Uram > Sent: Wednesday, June 27, 2001 17:59 > To: mht@clark.net > Cc: Ron DuFresne; firewalls@pluto.gnac.com > Subject: Re: Managed Service Providers > > > i don't understand what someone would rely on an outsider to > manage their security structure? > it seems this is best handled on the inside (with firewalls, IDS, > etc..). and if you are just one of many customers won't you get > less intense/frequent scrutiny than if you had your own dedicated > security staff person whose job is to manage your network > security? > > uram@cmu.edu "Blessed are those who have not seen and yet have faith." - John 20:29 _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls