IDS: Question on resources needed to manage IDSes

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

Question on resources needed to manage IDSes

From: kgeorgiades () toplayer com
Date: Mon, 1 Dec 2003 10:16:17 -0500


Everyone seems to be talking about the large volume of alarms and logs
produced by IDSes.
Managing IDSes and dealing with false alarms seems to be an issue that all
IDS vendor are trying to address.

Has any one of you seen any data on how many analysts (resources) are needed
to manage IDSes in enterprises?

I am looking for a rule of thumb, something like this:
1-5 IDS sensors - 1 Analyst
5-15 IDS sensors -2 Analysts
15-50 IDS sensors- 3 Analysts
1 Analyst for every 30 additional IDS sensors.

I will appreciate any feedback that I can get.

Thanks,

Kyriacos (Ken) Georgiades
Senior Director, Product Line Management
Top Layer Networks, Inc
Tel: 508 870 1300 x 231
Cell: 508 783 5988
Fax: 508 870 9797
Email: kgeorgiades () toplayer com
www.toplayer.com


---------------------------------------------------------------------------
---------------------------------------------------------------------------

By Date By Thread

Current thread:

Question on resources needed to manage IDSes kgeorgiades (Dec 01)
- Re: Question on resources needed to manage IDSes Peter Schawacker (Dec 01)
- Re: Question on resources needed to manage IDSes Andy Cuff [Talisker] (Dec 01)
- Re: Question on resources needed to manage IDSes Jack Whitsitt (jofny) (Dec 02)
- <Possible follow-ups>
- Re: Question on resources needed to manage IDSes simonis (Dec 02)
  - Re: Question on resources needed to manage IDSes Jeff Nathan (Dec 02)