Security Basics mailing list archives
RE: SIM questions.
From: "Andy Cuff (Talisker)" <SecurityLists () securitywizardry com>
Date: Wed, 20 Aug 2008 06:45:37 +0100
Hi Ray,

There is some variation in the scope of what a SIM will achieve, but generally the SIM takes security feeds from a number of devices. It will aggregate the information to reduce the quantity and correlate the information with other sources to ascertain the likelihood of the resultant security threat being genuine and not a false alarm.

Running a vulnerability scanner such as Nessus will allow the SIM to alter the severity based upon the vulnerability of the target. For instance, if the SIM alerts that an IDS has detected an attack against a webserver, the Nessus feed would allow it to report on the likelihood of the attack being successful, i.e. was the target vulnerable to the attack. This is fairly simplistic, as the vulnerability feed can provide more. I suggest you read some of the vendor descriptions about what their SIMs can achieve; I particularly liked the Tenable write-up. We have a list of the various SIMs here:

http://www.networkintrusion.co.uk/index.php/component/mtree/Security-Management/Security-Information-Managers.html

I should point out that a SIM is not the security panacea people may have you believe; they take an awful lot of work and tender loving care to keep them working, a bit like an IDS. Though if you are willing to invest the time they can pay dividends.

Regards

Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com
Tel 01225 811806
Mob 07968 608945
International +44 1225 811877
Skype: Taliskeruk
LinkedIN http://www.linkedin.com/in/andycuff
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ray Van Dolson
Sent: Tuesday, August 19, 2008 10:00 PM
To: security-basics () securityfocus com
Subject: SIM questions.

Hi all.

Currently we make use of Nessus extensively for security scanning. I'm evaluating Tenable's Security Center to make managing these scans easier, but am curious how a SIM would fit into this.

Would something like Symantec's SIM *replace* Nessus' active scanning capabilities? Complement it? My impression is that the SIM is more of an information aggregator that helps with your workflow vs actually doing the scanning -- and thus our Nessus scanners would still be necessary.

If any of you out there use Nessus + a SIM I'd be interested in hearing how you've fit these pieces together.

Thanks,
Ray
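The aggregate-then-correlate step Andy describes, shown as an added example that is not part of the thread or of any vendor's product: repeated IDS alerts are collapsed into one record with a count, then each record's severity is raised or lowered depending on whether a vulnerability-scanner feed says the target host actually carries the weakness the signature fires on. The alerts, the scan results and the VULN-* identifiers are all constructed stand-ins, not real signatures or CVEs.

```python
from collections import defaultdict

# Constructed sample IDS alerts. "vuln" is the weakness the signature is
# written for, using made-up identifiers rather than real CVE numbers.
IDS_ALERTS = [
    {"src": "203.0.113.5", "dst": "192.0.2.10", "sig": "web-chunked-overflow", "vuln": "VULN-WEB-001"},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "sig": "web-chunked-overflow", "vuln": "VULN-WEB-001"},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "sig": "web-chunked-overflow", "vuln": "VULN-WEB-001"},
    {"src": "203.0.113.5", "dst": "192.0.2.11", "sig": "web-chunked-overflow", "vuln": "VULN-WEB-001"},
    {"src": "198.51.100.7", "dst": "192.0.2.12", "sig": "web-chunked-overflow", "vuln": "VULN-WEB-001"},
]

# Constructed stand-in for a vulnerability-scanner feed: host -> findings.
# 192.0.2.12 is absent because it was never scanned, so nothing is known about it.
SCAN_FEED = {
    "192.0.2.10": {"VULN-WEB-001", "VULN-SSH-002"},
    "192.0.2.11": set(),
}

def aggregate(alerts):
    """Collapse repeated alerts for the same (src, dst, sig) into one record with a count."""
    groups = defaultdict(lambda: {"count": 0})
    for a in alerts:
        rec = groups[(a["src"], a["dst"], a["sig"])]
        rec.update({"src": a["src"], "dst": a["dst"], "sig": a["sig"], "vuln": a["vuln"]})
        rec["count"] += 1
    return list(groups.values())

def correlate(alerts, scan_feed):
    """Rate each aggregated alert by what the scanner knows about the target host."""
    rated = []
    for rec in aggregate(alerts):
        findings = scan_feed.get(rec["dst"])
        if findings is None:
            rec["severity"], rec["reason"] = "medium", "target not in scan data"
        elif rec["vuln"] in findings:
            rec["severity"], rec["reason"] = "high", "target vulnerable per scan"
        else:
            rec["severity"], rec["reason"] = "low", "target not vulnerable per scan"
        rated.append(rec)
    # Most severe first, then the noisiest sources within a severity band.
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(rated, key=lambda r: (order[r["severity"]], -r["count"]))

if __name__ == "__main__":
    for r in correlate(IDS_ALERTS, SCAN_FEED):
        print(f'{r["severity"]:6} x{r["count"]} {r["src"]} -> {r["dst"]} {r["sig"]} ({r["reason"]})')
```

An unscanned host is deliberately left at "medium" rather than "low": the feed can only downgrade an alert when it positively knows the target is not affected.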