IDS mailing list archives
Re: Random IDS Thoughts [WAS: Re: IDS thoughts]
From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Mon, 16 Jun 2003 17:36:00 -0400 (EDT)
2) Things work for themselves only : What I mean here is that security can
...
it. I'll take the liberty to quote Marcus Ranum here from his speech at Seguridad en Computo 2003 (Mexico City), where he said that event correlation engines are practically nothing more than a software than instead of displaying 60 000 times the same king of event logged, will give one event saying that this have occured 60 000 times. Not much more of an
With all due respects to Marcus Ranum, this is not the state of the art in log analysis, not by a long shot. Correlation now is much more than aggregation of that sort. And "automated analysis" is also quite possible. It still requires a human at some stage though :-) Best, -- Anton A. Chuvakin, Ph.D., GCI* http://www.chuvakin.org http://www.info-secure.org ------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- RE: Random IDS Thoughts [WAS: Re: IDS thoughts], (continued)
- RE: Random IDS Thoughts [WAS: Re: IDS thoughts] Roger A. Grimes (Jun 07)
- RE: Random IDS Thoughts [WAS: Re: IDS thoughts] Mike Lyman (Jun 07)
- RE: Random IDS Thoughts [WAS: Re: IDS thoughts] Roger A. Grimes (Jun 07)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] Stefano Zanero (Jun 02)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] Magnus Almgren (Jun 03)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] SecurIT Informatique Inc. (Jun 03)
- RE: Random IDS Thoughts [WAS: Re: IDS thoughts] Steven Rudolph (Jun 12)
- RE: Random IDS Thoughts [WAS: Re: IDS thoughts] Mike Lyman (Jun 13)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] Bill Royds (Jun 13)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] oudot laurent (Jun 17)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] Devdas Bhagat (Jun 14)
- Re: Random IDS Thoughts [WAS: Re: IDS thoughts] Anton A. Chuvakin (Jun 17)