Security Basics mailing list archives

Re: SIM questions.


From: Adriel Desautels <adriel () netragard com>
Date: Wed, 20 Aug 2008 13:11:49 -0400

Ray,
        You can enhance the capabilities of a SIM by feeding vulnerability
information to that SIM, especially if you properly correlate IDS and
server logs with vulnerability information.

E.g.:

Target is vulnerable on port 80
Attack Detected on Port 80
System log generated on port 80
Application Firewall Event on port 80

4 hits in one event instead of one event per hit. :)

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45



Ray Van Dolson wrote:
Hi all.  Currently we make use of Nessus extensively for security
scanning.  I'm evaluating Tenable's Security Center to make managing
these scans easier, but am curious how an SIM would fit into this.

Would something like Symantec's SIM *replace* Nessus' active scanning
capabilities?  Complement it?

My impression is that the SIM is more of an information aggregator that
helps with your workflow vs actually doing the scanning -- and thus our
Nessus scanners would still be necessary.

If any of you out there use Nessus + a SIM I'd be interested in hearing
how you've fit these pieces together.

Thanks,
Ray
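
The correlation described in the reply above, as an added example that is not part of the original thread or of any SIM product: events from different sources are merged per host and port within a time window, and scanner findings raise the hit count. The hosts, timestamps, source names and the 5-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the post): scanner findings and raw events.
VULNS = {("10.0.0.5", 80)}  # (host, port) pairs a scanner flagged as vulnerable
EVENTS = [
    ("2008-08-20T13:00:01", "ids",    "10.0.0.5", 80),
    ("2008-08-20T13:00:02", "syslog", "10.0.0.5", 80),
    ("2008-08-20T13:00:03", "waf",    "10.0.0.5", 80),
    ("2008-08-20T13:00:04", "ids",    "10.0.0.9", 22),  # target not known vulnerable
    ("2008-08-20T14:30:00", "ids",    "10.0.0.5", 80),  # outside the window
]

def correlate(events, vulns, window=timedelta(minutes=5)):
    """Merge events on the same host/port that fall within `window` of the
    first event of a group, and attach scanner knowledge to each group."""
    by_target = defaultdict(list)
    for ts, source, host, port in events:
        by_target[(host, port)].append((datetime.fromisoformat(ts), source))

    incidents = []
    for (host, port), hits in sorted(by_target.items()):
        hits.sort()
        group = None
        for when, source in hits:
            # Start a new incident when the window since the group start has passed.
            if group is None or when - group["start"] > window:
                group = {"host": host, "port": port, "start": when,
                         "sources": set(), "vulnerable": (host, port) in vulns}
                incidents.append(group)
            group["sources"].add(source)
    for inc in incidents:
        # One hit per distinct log source, plus one if the target is known vulnerable.
        inc["hits"] = len(inc["sources"]) + int(inc["vulnerable"])
    # Highest-confidence incidents first, so analysts see corroborated ones on top.
    return sorted(incidents, key=lambda i: -i["hits"])

if __name__ == "__main__":
    for inc in correlate(EVENTS, VULNS):
        print(inc["host"], inc["port"], inc["start"].isoformat(),
              "hits=%d" % inc["hits"], sorted(inc["sources"]))
```
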
