|
While securing the Internet presence of PRIS is critical, it is ineffective if the entire electronic perimeter is not secured as well. For this reason, this proposal incorporates a two-pronged solution to remote-access users worldwide. Those users who enter the intranet through the Internet will be able to establish an encrypted tunnel from a laptop to the intranet with a click of the mouse. For those who dial in directly to the network, a centralized modem pool with NetRanger intrusion detection at each hub office will effectively control malicious activity.
The solutions presented are not merely limited to those directly provided by WheelGroup. Through an extensive partner base with the likes of Electronic Data Systems, Perot Systems and BTG Technology Systems, PRIS can rest a
ssured that the recommendations presented are both comprehensive and superior in nature.
WheelGroup Corp.
Pros:
Hard-core security fanatics; extremely thorough solution; outlines good business strategies
Cons:
Company lacks the wallop of larger firms; relies heavily on partners to provide services it's unable to offer.
Network Computing's Evaluation Of WheelGroup Corp.'s Response
At the heart of WheelGroup's proposal is what it terms the Security Posture Assessment (SPA). The SPA is the auditing procedure broken down into three parts: an internal analysis, an external analysis (conducted from San Antonio) and the report based on these findings. Once completed, the report allows clients to see exactly where their infrastructure stands in relation to the big security picture. We were initially skeptical that this fairly vast undertaking could be accomplished in the three-to-four-week time period WheelGroup allotted. That is, we were skeptical unti
l we saw a sample report. The report detailed clear and concise breakdowns per machine of services offered, problems with particular services and suggestions on how to remedy those problems.
From the SPA, a game plan can be developed to address detected problems and define an acceptable security policy. WheelGroup's strategy is not to solve all problems right off (a nearly impossible task), but to continually strive to achieve an acceptable level of security. The nexus of this strategy revolves around what the company calls the Security Wheel. The method details a cyclical process of defining policy, securing systems, monitoring, testing security, and working to manage and improve that security. Because securing a network is a minor challenge compared with keeping it secured, WheelGroup's strategy is a recursive solution. We soon realized that organizations relying on an all-encompassing super-audit are placing their eggs in the wrong basket: This type of system will prove far more effective.
The second
half of the proposal recommends the implementation of WheelGroup's NetRanger and NetSonar products. With these two tools, administrators can monitor their network for suspicious activity using intrusion detection system technology and continue the auditing process on a scheduled basis. Using the results, security administration and evaluation can continue long after WheelGroup leaves, something we found very appealing. Incidentally, the cost for the full installation of these tools, including all the necessary hardware, is built into the proposed cost, making the $345,000 price tag a little more palatable.
The only complaint we had with WheelGroup's proposal might also be viewed in some lights as the company's strongest point: narrow focus. Where larger firms like Coopers & Lybrand have vast talent pools to throw at database, application and mainframe issues, WheelGroup sticks close to the network and perimeter. Fortunately, WheelGroup acknowledges this hole and has partnered with organizations like Er
nst & Young, IBM and Perot Systems to bridge the gap. This becomes a larger issue, however, when it comes to implementation and "repair" efforts. PRIS doesn't want to pay $2,400 a day for someone to install the latest service packs. System and network administration tasks like implementing suggested changes and patching operating systems can be left to staff or WheelGroup partners at an appropriate rate. This way, WheelGroup consultants stick to doing what they do best, and clients don't get charged high rates to implement simple changes.
As far as qualifications go, reading the supplied consultant profiles is like placing a Tom Clancy character in a William Gibson novel: founders of the information-warfare center, TEMPEST testers, United Nations computer specialists, computer forensic expertsıthe list goes on. You can't help but get the feeling these people are pretty serious about security.
WheelGroup's documentation is clear and concise, its products are widely used, its skill sets have been prove
n in the Fortune 100 as well as the military, and its methodology makes logical sense. Short, sweet and to the point.
|
REPORTS
ANALYTICS
Follow 
