IDS mailing list archives

Re: Random IDS Thoughts [WAS: Re: IDS thoughts]


From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Mon, 16 Jun 2003 17:36:00 -0400 (EDT)

2) Things work for themselves only : What I mean here is that security can
...
it.  I'll take the liberty to quote Marcus Ranum here from his speech at
Seguridad en Computo 2003 (Mexico City), where he said that event
correlation engines are practically nothing more than a software that,
instead of displaying 60 000 times the same kind of event logged, will give
one event saying that this has occurred 60 000 times.  Not much more of an

With all due respect to Marcus Ranum, this is not the state of the art in
log analysis, not by a long shot. Correlation now is much more than
aggregation of that sort. And "automated analysis" is also quite possible.
It still requires a human at some stage though :-)

Best,
-- 
  Anton A. Chuvakin, Ph.D., GCI*
     http://www.chuvakin.org
   http://www.info-secure.org

