Andrew, I'm with you on the need to tune upstream devices (firewalls, IDS, etc.) but I'd have to say that I _have_ seen a SIM significantly improve an organization's security.
At one of our customers, their deployment of a CS-MARS 100 has enabled them to quickly see and address issues across a _lot_ of devices, including firewalls, IDS, routers, VPN appliances, and more. I wish that I'd had something similar back when I was responsible for operational security. Is this space over-hyped? Probably. So was IDS. But I believe that a SIM can help security staff see things that they may otherwise miss, especially security event data happening across multiple devices at the same time.

2 cents.

Brent Stackhouse, GSEC/GCIH
VP of Security
Solis Security, Inc.
Austin, Texas
www.solissecurity.com
