The answer to this has always been automation, whether it's automation of log analysis, alarms/traps, and/or on the fly packet header monitoring. When an alarm occurs, the SOC gets alerted and an escalation procedure begins. This is standard practice. You don't have senior engineers monitoring systems 24 x 7 but you damned well better have them available when something real happens. On Thu, Jun 28, 2001 at 12:14:13PM +1000, Saso Virag wrote: [snip] > Bill, > > I am terribly sorry, but I just don't see how it would be economical for > an MSP to have professional IT security guys watch numerous screens where > new alerts pop up all the time, unless those professional IT security > guys come 20 cents a dozen. [snip] _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls