IDS mailing list archives
Re: RE: RE: Tuning false positives - SIM is not the answer
From: brent () solissecurity com
Date: 4 Jan 2006 21:15:05 -0000
Andrew,

I'm with you on the need to tune upstream devices (firewalls, IDS, etc.) but I'd have to say that I _have_ seen a SIM significantly improve an organization's security. At one of our customers, their deployment of a CS-MARS 100 has enabled them to quickly see and address issues across a _lot_ of devices, including firewalls, IDS, routers, VPN appliances, and more. I wish that I'd had something similar back when I was responsible for operational security.

Is this space over-hyped? Probably. So was IDS. But I believe that a SIM can help security staff see things that they may otherwise miss, especially security event data happening across multiple devices at the same time.

2 cents.

Brent Stackhouse, GSEC/GCIH
VP of Security
Solis Security, Inc.
Austin, Texas
www.solissecurity.com