Re: Researching SIMs
From: jeff.hartley@cox.com
Date: 03/21/02
- Previous message: Xiaoyong Wu: "RE: Statistical Anomaly Analysis? (fwd)"
- Maybe in reply to: Alfred Huger: "Researching SIMs"
Date: 21 Mar 2002 02:14:11 -0000
From: <jeff.hartley@cox.com>
To: focus-ids@securityfocus.com
In-Reply-To: <Pine.LNX.4.43.0203181948020.1013-100000@mail.securityfocus.com>
I just implemented the NeuSecure product from
Guarded.Net. I'm basically an open-source bigot, but
we've got everything from Solaris to RedHat to Cisco
to NetScreen running here, and the idea of using
agents everywhere has always made me shudder
(other people's code EVERYWHERE=bad).
Just think of the NetCool model: distributed collection
nodes that all the nearby devices talk SNMP and
syslog to; they queue and send everything back to a
central server, which stores everything in a MySQL
back-end. (Hence, I still don't need to hire a damned
Oracle DBA.) Everything's SSL-ized, uses common
open-source tools (sans some of their own C code)
and the central server has granular user control.
(This keeps my SOC people away from my SecEng
people's access nicely.)
I haven't hit any major snags yet, other than the fact
that I totally underestimated how much drive space I'd
use with all the snort, ipfilter, and NetScreen logs
being centralized. I hate to personally tout any
particular vendor, but they're the only ones that
haven't pissed me off in the last year!
Jeff Hartley
Lead Security Engineer
CCI
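The collector-node / central-server split Jeff describes above (nearby devices send syslog to a local node, the node queues and forwards batches, the central server stores them), as an added example that is not part of the original post and is not Guarded.Net's, NeuSecure's or NetCool's code. It parses RFC 3164 syslog, drops malformed lines instead of crashing on them, and keeps a rough byte count of what has been centralised, the figure the post says it underestimated. sqlite3 stands in for the MySQL back-end, an in-process call stands in for the SSL link, and every collector name, host and log line below is constructed for the example.

```python
# Added example, not code from the post or the vendors it names. Hosts, names
# and log lines are constructed; sqlite3 stands in for MySQL, a function call
# for the SSL hop between collector and central server.
import re
import sqlite3
from collections import deque

# <PRI>Mmm dd hh:mm:ss host message   (RFC 3164 layout, PRI = facility*8 + severity)
SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(line):
    """Return a dict for a well-formed RFC 3164 line, None for anything else.
    A bad line from a device must be counted and dropped, never crash the node."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # 23*8 + 7 is the largest legal PRI value
        return None
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES.get(facility, str(facility)),
            "severity": SEVERITIES[severity],
            "ts": m.group(2), "host": m.group(3), "msg": m.group(4)}


class CollectorNode:
    """One distributed collection node: devices near it send syslog here, it queues."""

    def __init__(self, name):
        self.name = name
        self.queue = deque()
        self.dropped = 0

    def ingest(self, raw_line):
        event = parse_syslog(raw_line)
        if event is None:
            self.dropped += 1
            return False
        event["collector"] = self.name   # record which node saw it, for later triage
        self.queue.append(event)
        return True

    def drain(self):
        """Hand the queued events over as one batch and empty the queue."""
        batch = list(self.queue)
        self.queue.clear()
        return batch


class CentralServer:
    """The central store; an in-memory sqlite3 database stands in for MySQL."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE events (collector TEXT, host TEXT, facility TEXT, "
                        "severity TEXT, ts TEXT, msg TEXT)")

    def receive(self, batch):
        """Store a forwarded batch; returns the number of rows written."""
        self.db.executemany(
            "INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)",
            [(e["collector"], e["host"], e["facility"], e["severity"], e["ts"], e["msg"])
             for e in batch])
        self.db.commit()
        return len(batch)

    def count_by_severity(self):
        rows = self.db.execute("SELECT severity, COUNT(*) FROM events GROUP BY severity")
        return dict(rows.fetchall())

    def stored_bytes(self):
        """Rough size of what has been centralised so far (the drive-space figure)."""
        row = self.db.execute(
            "SELECT COALESCE(SUM(LENGTH(host) + LENGTH(ts) + LENGTH(msg)), 0) FROM events")
        return row.fetchone()[0]


def forward(node, server):
    """Collector-to-central hop: the SSL link in the product, a plain call here."""
    return server.receive(node.drain())


# Constructed sample lines in the style of the device types the post mentions.
SAMPLE_LINES = [
    "<34>Mar 21 02:14:11 fw1 ipfilter: block in on le0 10.0.0.5 -> 192.168.1.1",
    "<13>Mar 21 02:14:12 ids1 snort[1234]: [1:0:1] test alert from 10.0.0.5",
    "<190>Mar 21 02:14:13 ns1 NetScreen: system-notification-00257: policy hit",
    "this line has no PRI header and must be dropped, not parsed",
    "<200>Mar 21 02:14:14 bad PRI 200 is out of range and must be dropped",
]

if __name__ == "__main__":
    node, server = CollectorNode("collector-1"), CentralServer()
    for line in SAMPLE_LINES:
        node.ingest(line)
    print("forwarded:", forward(node, server), "dropped:", node.dropped)
    print(server.count_by_severity(), "bytes:", server.stored_bytes())
```

The drop counter is the part worth keeping in a real deployment: a collector that silently discards lines it cannot parse hides exactly the device misconfigurations and malformed-input probes a SOC wants to see, so the count should be exported alongside the events.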