
What should a buyer look for in an MSSP?

February 7, 2012

Let us now discuss the key elements that a prospective buyer should look for in an MSSP:

  • Confidentiality of Company Information: Understand how the prospective service provider ensures the confidentiality of its customers’ information. This applies particularly to security policies, network diagrams, and other information required to provide the service.
  • Service Level Agreements (SLA): These agreements essentially quantify the service level or the key measurables, for example the guaranteed availability of the firewalls, or the time required to validate, confirm, and implement a rule base change. Rule base change turnaround varies. It takes longer if we perform a proper analysis of the proposed change against the whole firewall rule base, followed by a confirmation for the client’s signoff. However, changes that do not require consulting take considerably less time.
  • Network Operating Centers (NOC): Check the physical security practiced at the NOC. Ideally, access within the premises should be restricted; the service provider should directly employ its employees; and a couple of employees should always enter the operating center together. There should be alternative supplies for power, cabling, telecommunication links, and air conditioning. There should be disaster recovery sites for the NOCs.
  • Disaster Recovery: Look for a service provider that has provision for a disaster recovery site and well-established, practiced procedures. In case your managed firewall is deployed at the service provider’s NOC/POP (network operating center/point of presence), check the disaster recovery measures that have been established to provide you with service continuity. Scheduled dry runs should be performed.
  • Vulnerability Testing: Typically these tools are developed either for network vulnerability analysis of intranets, application servers, web servers, and firewalls, or for host-based analysis of client machines. The network tools probe applications, operating systems and routers for any network-based vulnerability, whereas host-based tools analyze each host for a range of standard security weaknesses.
  • Monitoring: Human administrators cannot provide round-the-clock monitoring for system health, hacking attempts, and unauthorized access. Measuring performance, filtering it, and producing alerts whenever thresholds are reached is best done by software. This ensures efficiency and effectiveness in monitoring services.
  • Encryption: Any communication (e.g., rule base changes, remote administration, remote system reboots) between the managed firewalls and the NOC (Network Operating Center) should be encrypted. This avoids the chance of Internet-based spoofing.
  • Intrusion Detection: The intrusion detection system deployed at the MSSP should be configured so that it does not raise too many false alarms. This ensures that the MSSP team is not flooded with too much information and can handle incidents efficiently and effectively.
  • System Backups: System backups should be taken regularly. The service provider should be able to restore the firewall/IDS, including all base rules, without any difficulty.
  • Change request procedures: Best practices recommend that a change request be recorded, validated and processed in a reliable and consistent way. The service provider should validate that the request for a configuration change has come from an authentic person. The designated security management representative of your organization must duly sign this request. All changes should become part of the Change Control System.
  • Management reports: These reports give you insight into the effectiveness and efficiency of the security products deployed. They typically incorporate a snapshot of the work completed within the time frame, scheduled changes, and performance with respect to the SLAs.

www.bestitdocuments.com