Over the last 18 months I've been called upon several times to "put right" 
security projects that have gone awry in the SEM/SIEM area. Generally the 
security department has several IDS/IPS systems feeding into a large Security 
Event Correlation and Management system in an attempt to "make some sense of 
the damn IDS" and change some of those console screens from "always on red".

I've gathered together all the lessons learned in the process of rescuing these 
projects, and present them in a short paper. I/we don't sell SEM/SIEM products 
so you will find the text pretty balanced; I've found shortcomings with every 
one of the 5-or-so vendors in this area. If it saves even 1 more failed project 
or wasted purchase then it will have been worth it. For those of you already 
part-way through an implementation of such a project, there's still some hope in 
there for you :-)

http://www.360is.com/downloads/360is-prep-sem.pdf


Nick
