Firewall Wizards mailing list archives

Is your IDS output really being checked?


From: "Don Parker" <dparker () rigelksecurity com>
Date: Tue, 9 Mar 2004 18:23:36 -0500 (EST)

Hello guys/gals, not sure how on topic this is but thought it made for interesting 
reading, and possible discussion. Many of us have IDS's at our work place. The thing is 
just how diligently are the analysts actually parsing the output? Sheer redundance of 
false positives, and perhaps skill level I believe is causing a lot of valid IDS output 
to be outright deleted or ignored. Unavoidable really I suppose, human nature being what 
it is. The real question being; is there a way to ensure that the analyst is actually 
performing his/her job? Outside of spot checks and the such I don't see a way to do 
so. It all really comes down to the individual being motivated enough to take pride in 
their work no matter how tedious at times imho. Any thoughts on this? 
 
Cheers! 
 
Don 
 
------------------------------------------- 
Don Parker, GCIA 
Intrusion Detection Specialist 
Rigel Kent Security & Advisory Services Inc 
www.rigelksecurity.com 
ph :613.249.8340 
fax:613.249.8319 
-------------------------------------------- 