Tuesday, October 17, 2006

H8...sheer unadulterated H8

So, the majority of you know that I work in computer security. And as a result, I occasionally have to deal with consultants. As a former consultant who travelled for 4 years, I fully understand the rigors of that sort of work, and realize that after a while you get kind of burned out and just want to do your own thing.
However, this particular story has nothing to do with that. It has to do with a company whose product is so horrible that we spent $125k or so on it, and it gives us nothing useful. But we can't dump it because we SPENT $125,000 on it! This product is called QRadar. The idea is that it's supposed to provide visibility into the network so that network admins can track down potential problems, security pogues can track down viruses or policy violations, and server admin-types can track down traffic that may beat up their servers. It's fun for the whole IT family.
And if it worked as advertised, I'd be happy.

But it doesn't. The filters set up on the box are generally crap. The traffic that its sensors pick up is standard stuff, but it gets caught in the 'offense manager'. 'Oh that's a problem with the tuning' they say, trying to sluff their crap off on my stupidity.

Not this time junior.

So, back to the $125k. Included in that amount was 5 days of consultative time. They're supposed to come out, help install the product, and get it tuned for you. As well as ensure that you're getting what you want from the product, report-wise. My first experience with them was at my 'home' site, where I'm stationed 90% of the time. I asked for 5 days, got 2.5, with a promise for more in the future. "We're really busy and short a couple field engineers, so if you don't mind, we'll get it installed and then help you online and over the phone get it tuned". Needless to say, it never got tuned properly, and hell if I have time to get it squared away.
So, I tried to get it right with this site. I started planning and scheduling this in August. Yep, August. Finally, two weeks ago, I get an email from the guy, "Congratulations, I can be there Oct 16-18". I figured that actually meant to WORK the 16-18.


That meant he'd arrive at 6pm or so on the 16th, and come to my site at 10:30am on the 17th. Leaving a day and a half or so to get the install done. (Remember I said we had 5 days? yeah...)
Then their special hardened OS distro doesn't support the 3Com fiber cards in the server. 3Com. It's not like we picked some random-ass no-name network card. It's a friggin 3COM! But no. So, we have to use a Red Hat distro, which I'm ok with, since I kinda know RH. But of course, today of all days, the RH site is down. Not sure why, or wtf happened, but it's down.

So, comedy of errors all around, I'm sitting in the datacenter at 5:30, and I probably will be here tomorrow at 5:30am as well, without having gone back to the hotel to sleep.

Damn consultants.

