Re: SIM questions.
- From: Adriel Desautels <adriel@xxxxxxxxxxxxx>
- Date: Wed, 20 Aug 2008 13:11:49 -0400
Ray,
You can enhance the capabilities of a SIM by feeding vulnerability
information to that SIM especially if you properly correlate IDS and
server logs with vulnerability information.
E.g.:
Target is vulnerable on port 80
Attack Detect on Port 80
System log generated on port 80
Application Firewall Event on port 80
4 hits in one event instead of one event per hit. :)
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Ray Van Dolson wrote:
Hi all. Currently we make use of Nessus extensively for security
scanning. I'm evaluating Tenable's Security Center to make managing
these scans easier, but am curious how an SIM would fit into this.
Would something like Symantec's SIM *replace* Nessus' active scanning
capabilities? Complement it?
My impression is that the SIM is more of an information aggregator that
helps with your workflow vs actually doing the scanning -- and thus our
Nessus scanners would still be necessary.
If any of you out there use Nessus + a SIM I'd be interested in hearing
how you've fit these pieces together.
Thanks,
Ray
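
The correlation described in the reply above, as an added example that is not part of the original message or any SIM product's code: events from different sources are grouped by target host and port within a time window, and a scanner finding for that host and port counts as one more hit on the same incident. The hosts, timestamps, log messages and the `correlate` function are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the original post).
VULNS = {("10.0.0.5", 80)}  # scanner findings: (host, port) known vulnerable
EVENTS = [  # (timestamp, source, host, port, message)
    ("2008-08-20T13:00:01", "ids", "10.0.0.5", 80, "attack signature matched"),
    ("2008-08-20T13:00:02", "syslog", "10.0.0.5", 80, "httpd error logged"),
    ("2008-08-20T13:00:03", "waf", "10.0.0.5", 80, "request blocked"),
    ("2008-08-20T13:00:04", "ids", "10.0.0.9", 22, "attack signature matched"),
    ("2008-08-20T14:30:00", "syslog", "10.0.0.5", 80, "httpd error logged"),
]

def correlate(events, vulns, window=timedelta(minutes=5)):
    """Merge events on the same (host, port) into one incident per window.

    A new incident starts when an event falls outside the window measured
    from the first event of the current incident. A matching vulnerability
    finding adds one hit, so a vulnerable target ranks above a noisy one.
    """
    by_target = defaultdict(list)
    for ts, source, host, port, msg in events:
        by_target[(host, port)].append((datetime.fromisoformat(ts), source, msg))

    incidents = []
    for (host, port), items in sorted(by_target.items()):
        items.sort()
        cluster = [items[0]]
        # The trailing None flushes the last open cluster.
        for item in items[1:] + [None]:
            if item is not None and item[0] - cluster[0][0] <= window:
                cluster.append(item)
                continue
            sources = sorted({source for _, source, _ in cluster})
            vulnerable = (host, port) in vulns
            incidents.append({
                "host": host, "port": port,
                "start": cluster[0][0].isoformat(),
                "sources": sources, "vulnerable": vulnerable,
                "hits": len(sources) + (1 if vulnerable else 0),
            })
            cluster = [item]
    return incidents

if __name__ == "__main__":
    for incident in sorted(correlate(EVENTS, VULNS), key=lambda i: -i["hits"]):
        print(incident)
```
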