[Dshield] DShield vs. Symantec

john beck jbeck80 at hotmail.com
Wed Jan 7 21:23:17 GMT 2004


Dave,

Thanks!  Part one is easy, who provides this service? A huge wave of 
providers are popping up daily.  They are called MSSP (Managed Security 
Service Providers).  Through research I found the previous mentioned 
Powerwall, which is a firewall/IDS/IPS manufact, that packages MSS (managed 
security service) in with product at amazing low cost (which scares some 
people, always more expensive is better), they will modify firewall and IDS 
to fend off and report attacks.  Symantec will do the same, even on non 
yellow appliances and software, of course they charge for it.  They tailor 
their SLA's to meet whatever needs you have.  There are more but the main 
question (for all of us paranoid at heart) "who" are you letting manage your 
security while you sleep, vacation, etc.  Symantec will show you they are 
very strict on hiring, most likely more than company you work for.  Brace 
yourself for the pricetag symantec gives you.
Second Part is not easy, who do I recommend?  Well... that is another story. 
  The main thing is that you "know" who you are working with.

John


>From: "Dave Hatz" <davehatz at hatzventures.org>
>Reply-To: General DShield Discussion List <list at dshield.org>
>To: "General DShield Discussion List" <list at dshield.org>
>Subject: Re: [Dshield] DShield vs. Symantec
>Date: Wed, 7 Jan 2004 12:03:08 -0800
>
>John,
>You mentioned "use a managed service to monitor and remediate in real time
>(blocking attacking subnets, etc)".  Could you please provide the names of
>these companies that provide such a service and that you would recommend?
>
>Dave
>
>----- Original Message -----
>From: "john beck" <jbeck80 at hotmail.com>
>To: <list at dshield.org>
>Sent: Wednesday, January 07, 2004 9:18 AM
>Subject: RE: [Dshield] DShield vs. Symantec
>
>
> > It is not fair to try to compare the two, I am proposing both to my
> > superiors.  In regards to reporting and remediation I do this.  At
>minimum,
> > I suggest using Dshield for reporting, statistics and remediation 
>(unless
> > you take pleasure in sending fightback letters).  I suggest it to any
> > business that has internet connectivity (what else are you going to do
>with
> > the firewall logs?).  If your business "host" anything, especially
> > e-commerce, it would be wise to use a managed service to monitor and
> > remediate in real time (blocking attacking subnets, etc) and use the
>dshield
> > (instead of managed service) to relieve the cost of fightback, use
>collected
> > data to double-check the managed service, let the service do the 
>real-time
> > issues and alerts (I don't think Johannes is going to call anyone at 3am
>to
> > alert).  FYI, there is going to be a huge surge in managed security
>services
> > (verisign just bought some big manage service company) In one case of
> > firewall/IDS/IPS (powerwall) they package the managed service to 
>maintain
>in
> > real-time.  The critical thing is "who" you are letting manage your
>security
> > (symantec has stringent hiring process).  Dshield does not do anything 
>to
> > your network, it is a reporting tool, where managed services will be "in
> > your network devices" changing config or rules as needed in real time.
> > Another way to look at it, if you can't afford managed services, you can
>at
> > least setup Dshield while you wait for next budget.
> >
> > If you like my advertising, please send Dshield monogrammed formal wear
>for
> > I am an under appreciated (paid) security guru, now if they would 
>upgrade
>my
> > etch-i-sketch to a laptop I will have it made:)
> >
> > John (2¢)
> >
> >
> >
> > >From: Pete Cap <peteoutside at yahoo.com>
> > >Reply-To: General DShield Discussion List <list at dshield.org>
> > >To: General DShield Discussion List <list at dshield.org>
> > >Subject: [Dshield] DShield vs. Symantec
> > >Date: Wed, 7 Jan 2004 07:52:58 -0800 (PST)
> > >
> > >So, I've got this salesman from Symantec attempting to sell me (or,
>rather,
> > >the organization for which I work) a subscription to their DeepSight
>Threat
> > >Management System.
> > >
> > >For those of you who are not familar with DeepSight, basically 
>Symantec's
> > >analysts take data from about 20k contributors in 180 countries (IDS
>logs,
> > >traffic data, etc.) and perform trend analysis (sound familiar?).  I
> > >suppose this question is directed mostly towards Johannes...as far as
>being
> > >a data source...how does dShield stack up against those numbers?
> > >
> > >Also...for anyone familiar with DeepSight, or using their services, how
> > >useful have you found them to be?  Worth the money or not?  Do they
>provide
> > >anything which you are unable to do yourself?
> > >
> > >Thanks,
> > >
> > >Pete
> > >
> > >
> > >---------------------------------
> > >Do you Yahoo!?
> > >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
> > >_______________________________________________
> > >list mailing list
> > >list at dshield.org
> > >To change your subscription options (or unsubscribe), see:
> > >http://www.dshield.org/mailman/listinfo/list
> >
> > _________________________________________________________________
> > Working moms: Find helpful tips here on managing kids, home, work -  and
> > yourself.   http://special.msn.com/msnbc/workingmom.armx
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
>http://www.dshield.org/mailman/listinfo/list
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list

_________________________________________________________________
Working moms: Find helpful tips here on managing kids, home, work —  and 
yourself.   http://special.msn.com/msnbc/workingmom.armx




More information about the list mailing list