Firewall Wizards mailing list archives
Is your IDS output really being checked?
From: "Don Parker" <dparker () rigelksecurity com>
Date: Tue, 9 Mar 2004 18:23:36 -0500 (EST)
Hello guys/gals,

Not sure how on topic this is, but thought it made for interesting reading, and possible discussion. Many of us have IDS's at our work place. The thing is, just how diligently are the analysts actually parsing the output? Sheer redundance of false positives, and perhaps skill level, I believe is causing a lot of valid IDS output to be outright deleted or ignored. Unavoidable really, I suppose, human nature being what it is.

The real question being: is there a way to ensure that the analyst is actually performing his/her job? Outside of spot checks and the such I don't see a way to do so. It all really comes down to the individual being motivated enough to take pride in their work no matter how tedious at times, imho.

Any thoughts on this?

Cheers!

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards