As for the open source one, you could try OSSIM.

On 25 Jan 2012 23:51, "Andrew S. Baker" <[email protected]> wrote:
> You need to speak to your senior mgmt about the auditors.
>
> Have them show you some *current* best practices, or some compliance
> requirements that mandate this.
>
> Or, if the stubbornness prevails, convince your management to sign off on
> the acceptance on this "legacy" configuration, because they are increasing
> your risk profile.
>
> Please tell us the auditors, so we can prepare ourselves to avoid them at
> all costs. I haven't had to have this particular argument with auditors
> since 2005 or 6.
>
> As for the SIEM, it's not a bad idea, necessarily. But I would highly
> recommend open source to start, so you better manage costs.
>
> As for the encryption everywhere, that is just foolhardy for most
> businesses. To solve this particular problem, just research a few
> end-to-end security vendors and bring the invoice -- with list prices -- to
> your management team. It'll be shot down so fast you might get dazed.
>
> Your auditors are obviously trying to make up for a deficiency in revenue
> at their organization...
>
> What industry or government regulations are you subject to?
>
> *ASB*
> *http://XeeMe.com/AndrewBaker*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Wed, Jan 25, 2012 at 3:21 PM, [email protected] <[email protected]> wrote:
>
>> So far it is their way only no discussion and I should have had this in
>> place already. Still not in the discussion phase of the audit so I may get
>> a chance to talk back but so far it has been you are a bad bad
>> administrator and should be bound and beaten. I am working on the bound
>> part but I may need a good beating….
>>
>> Thanks guys.
>>
>> They want to make sure my way of looking at logs, (SYSLOG and FireGen),
>> is enough but they also want everything encrypted.
>>
>> *From:* Andrew S. Baker [mailto:[email protected]]
>> *Posted At:* Wednesday, January 25, 2012 2:36 PM
>> *Posted To:* [email protected]
>> *Conversation:* FW: SIEM
>> *Subject:* Re: FW: SIEM
>>
>> You've got some fun auditors.
>>
>> Google will help you here. (Understanding of the category, rather than
>> selection of the tool)
>>
>> Why aren't you asking the auditors these questions?
>>
>> *ASB*
>> *http://XeeMe.com/AndrewBaker*
>> *Harnessing the Advantages of Technology for the SMB market…*
>>
>> On Wed, Jan 25, 2012 at 2:14 PM, [email protected] <[email protected]>
>> wrote:
>>
>> This is new to me. What is SIEM and what do I do with it?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
