--- On Mon, 11/16/09, Rich Kulawiec <[email protected]> wrote:
> I have to concur with this. I say "have to" because I'd really like
> to disagree, but all available evidence suggests that Chris' assessment
> is spot-on.
I do that once a year just to throw everybody off.
> Dammit, could you be less depressingly correct on a Monday
> morning? ;-)
I'm still an optimist, though. Recent re-diving into the SIM product landscape
gives me hope. Splunk and Alienvault/OSSIM have done really cool things in the
past two years and I have the sneaking suspicion that we are creeping up on the
adoptionability of more and better monitoring solutions. A hundred people
showed up for a day of Splunk seminars here in RTP last week and lots of them
were already doing neat things (and people just don't show up for product
seminars these days).
If we can make it possible for people to tell that they've been compromised
*then* we stand a chance of getting them to fix the unacceptable crap. If all
we do is tell them to use better crap they'll never advance. It's all about
visibility.
-chris
PS - Tom Waits is the background music to my life...
"If I exorcise my devils, well my angels may leave too."
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
