IDS mailing list archives
Question on resources needed to manage IDSes
From: kgeorgiades () toplayer com
Date: Mon, 1 Dec 2003 10:16:17 -0500
Everyone seems to be talking about the large volume of alarms and logs produced by IDSes. Managing IDSes and dealing with false alarms seems to be an issue that all IDS vendor are trying to address. Has any one of you seen any data on how many analysts (resources) are needed to manage IDSes in enterprises? I am looking for a rule of thumb, something like this: 1-5 IDS sensors - 1 Analyst 5-15 IDS sensors -2 Analysts 15-50 IDS sensors- 3 Analysts 1 Analyst for every 30 additional IDS sensors. I will appreciate any feedback that I can get. Thanks, Kyriacos (Ken) Georgiades Senior Director, Product Line Management Top Layer Networks, Inc Tel: 508 870 1300 x 231 Cell: 508 783 5988 Fax: 508 870 9797 Email: kgeorgiades () toplayer com www.toplayer.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Question on resources needed to manage IDSes kgeorgiades (Dec 01)
- Re: Question on resources needed to manage IDSes Peter Schawacker (Dec 01)
- Re: Question on resources needed to manage IDSes Andy Cuff [Talisker] (Dec 01)
- Re: Question on resources needed to manage IDSes Jack Whitsitt (jofny) (Dec 02)
- <Possible follow-ups>
- Re: Question on resources needed to manage IDSes simonis (Dec 02)
- Re: Question on resources needed to manage IDSes Jeff Nathan (Dec 02)
- Re: Question on resources needed to manage IDSes Anton A. Chuvakin (Dec 09)
- Re: Question on resources needed to manage IDSes Jeff Nathan (Dec 10)
- Re: Question on resources needed to manage IDSes Jeff Nathan (Dec 02)
- Re: Question on resources needed to manage IDSes Terence Runge (Dec 02)
- RE: Question on resources needed to manage IDSes Kohlenberg, Toby (Dec 03)
- RE: Question on resources needed to manage IDSes Teicher, Mark (Mark) (Dec 03)