IDS mailing list archives

Re: RE: RE: Tuning false positives - SIM is not the answer


From: brent () solissecurity com
Date: 4 Jan 2006 21:15:05 -0000

Andrew,

I'm with you on the need to tune upstream devices (firewalls, IDS, etc.) but I'd have to say that I _have_ seen a SIM 
significantly improve an organization's security.

At one of our customers, their deployment of a CS-MARS 100 has enabled them to quickly see and address issues across a 
_lot_ of devices, including firewalls, IDS, routers, VPN appliances, and more.  I wish that I'd had something similar 
back when I was responsible for operational security.

Is this space over-hyped?  Probably.  So was IDS.  But I believe that a SIM can help security staff see things that 
they may otherwise miss, especially security event data happening across multiple devices at the same time.

2 cents.

Brent Stackhouse, GSEC/GCIH
VP of Security
Solis Security, Inc.
Austin, Texas
www.solissecurity.com
