We sought vendors that specialized in auditing and risk assessment and that possessed an understanding of a varied range of systems. We were essentially looking for a company that could descend on a network and organization of this size and whip its security problems into shape.
In addition to addressing these needs, vendors were asked to highlight any additional security-related issues that PRIS and its staff may not have foreseen. We asked not only for a plan, but also the costs involved, the profiles of consultants working on these projects and descriptions of some previous clients. After all, many vendors can present a good game on paper but it takes a track record, and the possession of rare skills, to pull it off.
And they delivered. We were quite impressed by the depth of detail provided by many of the respondents, who were Coopers & Lybrand, Digital Equipment Corp., Entrust Technologies, Miora Systems Consulting, Price Waterhouse and WheelGroup Corp. We were also intrigued by the fact that though each vendor focused on specific subject areas, the responses were generally very similar in their overall methodology. Where in some areas of the consulting industry this could be cause for alarm, in this particular arena a common goal reached through common methods is warmly welcomed.
Unfortunately for us, this made the short-list decision process extremely difficult. We've never had responses to one of our RFPs where the vendors were all so close in the running. In fact, the quality of all proposals was so high that we suspect, with the exception of Entrust, that any of the vendors could have performed the job satisfactorily.
In the end, though, we narrowed the short list to Coopers & Lybrand, Miora Systems, Price Waterhouse and WheelGroup and gave the bid to San Antonio-based WheelGroup. Founded less than four years ago by ex-Air Force information warfare specialists, WheelGroup brings to the table a full range of services that addressed all of our requirements. One of its outstanding attributes is that it markets both products and consulting services. WheelGroup's intrusion detection system (IDS), NetRanger, is one of the most widely used in the industry. Its NetSonar product, a SATANesque probing tool, evolved from the internal set of tools used by the consulting side of the house. This synergy, created from the joining of research, development and consulting, combined with a firm understanding of business process and one of the strongest talent pools to be seated under one roof, sealed the decision for us.
It's worth noting that we started this security RFP process with far more than six vendors, and that all vendors who submitted proposals appear in the text. Among those originally invited that did not choose to participate were Arthur Andersen, Deloitte & Touche and Ernst & Young. We find it odd, if not disturbing, that organizations of this size, specifically in the consulting arena, did not or could not bid on a project of this nature. Security is a crucial component in modern-day business. Lack of participation by firms such as these simply reinforces our belief that IT staffs need to take a serious look at their current security infrastructure.
Finally, because each vendor presented different pricing scenarios, we attempted to use the supplied data to create an apples-to-apples comparison. This grouping left us with a few discrepancies, which we grouped into a "miscellaneous" category on the pricing chart (at left). These misfit areas will be explained in greater detail within the individual evaluation sections.
In WheelGroup Corp.'s Words: Solution Summary
WheelGroup Corp. has blended leading-edge products and services that have been proven in the marketplace. PRIS is not alone in the struggle to handle security in today's climate of high IT personnel turnover, worldwide employee locations and minimal security budgets. In this regard, this proposed solution requires low day-to-day management and is applicable across the entire enterprise, flexible in implementation and of minimal cost.
The Security Wheel model recommended for PRIS is a methodology that focuses on security as an operational issue. Security should no longer be merely a regulatory issue, but an integral part of the very heart of PRIS' business model--consistently providing data that must maintain its availability, integrity and confidentiality. The proposed approach is simple for management to understand and commit to, yet extremely effective. It relies on a cyclical process resulting in continuous feedback to the PRIS security staff. This feedback gives PRIS "visibility" into network operations where previously there was only the unknown accompanied by fear of compromise. PRIS can generate regular reports with actual collected data and disseminate them throughout the corporation to aid in employee awareness. It then can channel the results from routine monitoring and testing into incremental improvement of security posture.
PRIS accomplishes regular testing of its security posture through a combination of Security Posture Assessments performed by WheelGroup consultants and the use of the NetSonar vulnerability scanner and network mapping system by the PRIS staff. This testing, combined with monitoring conducted with the NetRanger network intrusion detection system, provides key insight into the improvement section of the Security Wheel. These pieces are essential for PRIS' continued migration towards a greater Internet presence.