Firewall Security -- incident response services?

I have a buddy with 100 employees on a SonicWall
firewall that monitors, but does not provide
IR (Incident Response) services.

What IR (Incident Response) services firm do you
recommend for this SonicWall firewall, etc.?

bbao (IT Consultant) commented:
It really depends on your business requirements, including business model, enterprise infrastructure, applications, database management for critical business data, and SLA if any. It is also related to your country and location, as obviously you need a local service provider which does everything in compliance with your local laws and regulations.

It is not directly related to your firewall type and model, though the incident response team does need to access the firewall for retrieving essential incident information.

NIST provides a good Security Incident Handling Guide from here; you may use it to define practical criteria, including team model and IR process, for selecting a local provider per your specific requirements.

A good example of IR services can also be found here.

btan (Exec Consultant) commented:
You are looking at a managed security service provider (MSSP), in short. Most of the time, customers "outsource" that as a service if there is no on-premise FW, hence routing all public-facing services through the security provider - include some, but they may not be full-fledged in providing the FW management. Some common ones include OpenDNS (acquired by Cisco), Zscaler, Akamai, Cloudflare, Incapsula, etc. They also have their IR team built in to advise, publish advisories and share with customers on the evolving threats or while under attack. The threats are wild public ones like DDoS and web exploits, which an on-premise FW does not suffice to defend against if the surge is long and persistent. Apologies, I digress...

SonicWall does provide their solution for MSPs as well as the IR part.

I suppose we are looking as a customer with an on-premise FW (or even a virtual-based FW out in AWS) who needs an MSSP to do the remote monitoring and, in the area of IR, have some sort of Security Ops Center (SOC) or Network Ops Center (NOC) to ensure the response is timely.

...but it depends on the MSSP's SLA with partners to extend their reach into SonicWall experts or the IR team in time of need, which it should not be overdependent on. And the SLA to the customer also affects the readiness required by the organisation to secure their business running. Cerdant is the very early adopter and not sure if that has evolved that well...

Regardless, there is another candidate - Alvaka, whose Fireworx Firewall Managed Services include the SonicWall suite.

... Just some thoughts - an MSSP should be capable in variety and not solely on one brand or model, as it also demonstrates their competency and ability to "switch" over in time of urgency and stay resilient with the customer (e.g. whole line of the same FW declared flawed). Minimally, the MSSP that can really respond should have an IR team, a threat research team and be inquisitive (Just to share -