How does the platform complement your existing architecture? Does it meet your security needs?
A security management platform should function as the core resource for aggregation and correlation of event data. It should provide a centralized console from which the customer's security team will continuously monitor the network. The platform will most likely also be used as the starting point for investigations. The customer should therefore be encouraged to evaluate their security architecture with an eye towards understanding how the platform extends and enriches the existing network and security architecture and, most importantly, how they can leverage the platform and MSSP to gain rich analysis capabilities. This analysis should extend beyond the management platform and into some consideration of the basic security architecture elements such as the placement of firewall and IDS devices.
Be prepared to ask for a list of all of the devices in the network that will be monitored and explain the reasons for the current architecture and the location of the devices. The list should be detailed, including the version level of all security software.