How do you plan to leverage our MSP services for monitoring and alerting?

About the Author

Dr. Paul Rohmeyer is a faculty member at Stevens Institute of Technology, an independent security consultant focusing on enterprise IT risk management, and a frequent speaker at security and audit industry events. He has advised numerous financial, telecommunications and pharmaceutical companies in the development of secure network architectures.

The customer has deployed IDS sensors, a variety of firewalls and antivirus systems throughout their network. They have implemented a management platform to aggregate and centrally analyze event data, and that data is continuously analyzed by the MSSP. Now comes the harder question: how will the customer's security monitoring and response processes rely on the alerting that is provided by the MSSP? All MSSPs provide essential alerting capabilities for suspected incidents, and also some level of centralized reporting and analysis capabilities that may be valuable when monitoring resources. Security staff may find it helpful to leverage the custom reporting and analysis capabilities provided by the MSSP to supplement their own security management platform.
At a high level, you will need to describe the basics of how the customer will rely on the architecture, including the network security management platform and the data from the MSSP.