Network Computingwww.networkcomputing.com

The word is out: Managing an intrusion detection system can be quite a chore, even for hardened IT staffs. The manpower needed to monitor, support and upgrade today's intrusion detection solutions took us off guard -- these devices can be more high-maintenance than a Meg Ryan character. Moreover, outsourcing the management of your IDS won't take all of the pain away, only some of it. There are still a number of tasks that will fall right back into your lap, such as patching vulnerable systems, cleaning up after attacks and performing follow-up investigations. When it comes to IDSes, an MSSP (managed security service provider) should be looked at as extension to your IT staff, not a replacement for.

As MSSPs, such as Counterpane Internet Security, Internet Security Systems, NetSolve and Riptech, continue to improve their offerings, they should strive to achieve a balance between their customers' IT staffs and their operations centers. Smart IT managers, on the other hand, will realize that MSSPs aren't replacing them but rather freeing them to focus on business. Believe us, after the first hundred-thousand alarms, the excitement surrounding real-time intrusion monitoring will wear off.

Finally, organizations must keep their MSSPs on their toes. We've heard horror stories about sensors dropping offline and missed reports (see "Security Outsourcing: Pass the Buck"). Plan to run some attacks once in a while, and make sure you're receiving reports. Remember, your provider is not responsible for your overall security. You are. If the MSSP fails, it's still your ass.