>2) Things work for themselves only : What I mean here is that security can
...
>it. I'll take the liberty to quote Marcus Ranum here from his speech at
>Seguridad en Computo 2003 (Mexico City), where he said that event
>correlation engines are practically nothing more than a software that
>instead of displaying 60 000 times the same kind of event logged, will give
>one event saying that this has occurred 60 000 times. Not much more of an

With all due respect to Marcus Ranum, this is not the state of the art in
log analysis, not by a long shot. Correlation now is much more than
aggregation of that sort. And "automated analysis" is also quite possible.
It still requires a human at some stage though :-)
Best,
--
Anton A. Chuvakin, Ph.D., GCI*
http://www.chuvakin.org
http://www.info-secure.org
Received on Jun 17 2003