RE: SIM questions.



Hi Ray,
There is some variation in the scope of what a SIM will achieve but
generally the SIM takes security feeds from a number of devices; it will
aggregate the information to reduce the quantity and correlate the
information with other sources to ascertain the likelihood of the resultant
security threat being genuine and not a false alarm. Running a vulnerability
scanner such as Nessus will allow the SIM to alter the severity based upon
the vulnerability of the target.

For instance, if the SIM alerts that an IDS has detected an attack against a
webserver, the Nessus feed would allow it to report on the likelihood of the
attack being successful, i.e. was the target vulnerable to the attack.

This is fairly simplistic as the vulnerability feed can provide more

I suggest you read some of the vendor descriptions about what their SIMs
can achieve; I particularly liked the Tenable write up. We have a list of
the various SIMs here:
http://www.networkintrusion.co.uk/index.php/component/mtree/Security-Management/Security-Information-Managers.html

I should point out that a SIM is not the security panacea people may have
you believe; they take an awful lot of work and tender loving care to keep
them working, a bit like an IDS. Though if you are willing to invest the
time they can pay dividends.

Regards

Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com
Tel 01225 811806
Mob 07968 608945
International +44 1225 811877
Skype: Taliskeruk
LinkedIN http://www.linkedin.com/in/andycuff

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Ray Van Dolson
Sent: Tuesday, August 19, 2008 10:00 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: SIM questions.

Hi all. Currently we make use of Nessus extensively for security
scanning. I'm evaluating Tenable's Security Center to make managing
these scans easier, but am curious how an SIM would fit into this.

Would something like Symantec's SIM *replace* Nessus' active scanning
capabilities? Complement it?

My impression is that the SIM is more of an information aggregator that
helps with your workflow vs actually doing the scanning -- and thus our
Nessus scanners would still be necessary.

If any of you out there use Nessus + a SIM I'd be interested in hearing
how you've fit these pieces together.

Thanks,
Ray
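
The aggregate-then-correlate flow described in the reply above, sketched as an added example (not part of the original thread and not any vendor's implementation). The field names, the 1-5 severity scale, the +/-2 adjustment and the EXAMPLE-VULN identifiers are assumptions, and all data is constructed.

```python
from collections import Counter

# Constructed IDS alerts; each signature maps to a (placeholder) vulnerability id.
IDS_ALERTS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "port": 80, "vuln_id": "EXAMPLE-VULN-1", "severity": 3},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "port": 80, "vuln_id": "EXAMPLE-VULN-1", "severity": 3},
    {"src": "198.51.100.7", "dst": "192.0.2.11", "port": 80, "vuln_id": "EXAMPLE-VULN-1", "severity": 3},
    {"src": "198.51.100.9", "dst": "192.0.2.12", "port": 80, "vuln_id": "EXAMPLE-VULN-2", "severity": 3},
]

# Constructed scanner findings: host -> vulnerability ids found on it.
# A host missing from this map has never been scanned.
SCAN_FINDINGS = {
    "192.0.2.10": {"EXAMPLE-VULN-1"},
    "192.0.2.11": set(),
}

def aggregate(alerts):
    """Collapse identical alerts into one event carrying a count."""
    keys = ("src", "dst", "port", "vuln_id", "severity")
    counts = Counter(tuple(a[k] for k in keys) for a in alerts)
    return [dict(zip(keys, key), count=n) for key, n in counts.items()]

def correlate(events, findings, min_sev=1, max_sev=5):
    """Raise or lower severity based on what the scanner knows about the target."""
    out = []
    for event in events:
        e = dict(event)
        host_vulns = findings.get(e["dst"])
        if host_vulns is None:
            e["verdict"] = "unknown"          # no scan data: keep the IDS severity
        elif e["vuln_id"] in host_vulns:
            e["verdict"] = "vulnerable"       # attack matches a known weakness
            e["severity"] = min(max_sev, e["severity"] + 2)
        else:
            e["verdict"] = "not_vulnerable"   # scanned and weakness not present
            e["severity"] = max(min_sev, e["severity"] - 2)
        out.append(e)
    return sorted(out, key=lambda e: -e["severity"])

def triage(alerts=IDS_ALERTS, findings=SCAN_FINDINGS):
    return correlate(aggregate(alerts), findings)

if __name__ == "__main__":
    for e in triage():
        print(e["severity"], e["verdict"], e["dst"], e["vuln_id"], "x%d" % e["count"])
```

The "unknown" verdict keeps unscanned hosts visible instead of silently downgrading them, and a "not_vulnerable" verdict is only as current as the last scan of that host.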





