IDS
mailing list archives
Re: RE: RE: Tuning false positives - SIM is not the answer
From: brent () solissecurity com
Date: 4 Jan 2006 21:15:05 -0000
Andrew,
I'm with you on the need to tune upstream devices (firewalls, IDS, etc.) but I'd have to say that I _have_ seen a SIM
significantly improve an organization's security.
At one of our customers, their deployment of a CS-MARS 100 has enabled them to quickly see and address issues across a
_lot_ of devices, including firewalls, IDS, routers, VPN appliances, and more. I wish that I'd had something similar
back when I was responsible for operational security.
Is this space over-hyped? Probably. So was IDS. But I believe that a SIM can help security staff see things that
they may otherwise miss, especially security event data happening across multiple devices at the same time.
2 cents.
Brent Stackhouse, GSEC/GCIH
VP of Security
Solis Security, Inc.
Austin, Texas
www.solissecurity.com