Subject: [Dshield] Outsourced Vulnerability scanning?
tony.carothers at lifestreamtech.com
Fri Mar 1 15:11:32 GMT 2002
www.e3tech.net does this kind of thing now. VERY sharp group.
From: mmcgillis [mailto:mmcgillis at inline.com]
Sent: Friday, March 01, 2002 6:33 AM
To: list at dshield.org
Cc: mmhome at iqmail.net
Subject: Re: Subject: [Dshield] Outsourced Vulnerability scanning?
My guess is that they are charging to set up and monitor a snort box.
On Thu, 28 Feb 2002, David Sentelle wrote:
> I know a friend who's network is being monitored by SecureWorks. Info on
them is available at www.secureworks.net
> >From what I understand they email you daily with totals on the types of
attacks and probes they've deterred. The sample I saw seemed to be focusing
on CodeRed and Nimda, but also reported some Queso, Syn/Fin, and Wingate
probes. They put a 1U rackmountable (cobalt?) UNIX box of some type between
your router and the protected network. This computer can operate in
monitoring or blocking mode, depending on what you request of them.
> I am not sure what their services cost, but seem to remember wondering
where they were going to make money handing out that equipment and
(presumably) assuming liability.
> My friend did say that his firewall sitting behind their box still rejects
lotsa of packets, which makes me wonder what that box is doing, anyhow.
> Message: 2
> From: "MM" <mmhome at iqmail.net>
> To: <list at dshield.org>
> Date: Wed, 27 Feb 2002 14:31:15 -0600
> Organization: SSI
> Subject: [Dshield] Outsourced Vulnerability scanning?
> Reply-To: list at dshield.org
> Does anyone know of a good IT auditing firm that focuses on monthly
> vulnerability scanning? My company needs a third-party to outsource this
> security service to for legal liability purposes. We have looked into
> and larger players, but they charge an exorbitant amount of money for
> work. We have looked at smaller players like Strongboxsecurity.com and
> their low cost subscription service, but what I really wanted to know is
> does anyone have any suggestions to picking a security vendor that does
> kind of work and what I should watch out for?
> This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they are
addressed. If you have received this e-mail in error, please notify
admin at cnbcbank.com and delete it from your system.
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list