> On the subject of SIMs and vulnerability analysis scans...has anyone
> actually found this feature to be useful?
> 1) I can't even imaging letting my SIM scan the network in such an adhoc
> manner. It doesn't help that none of the vendors seem to bother with
> providing much in the way of documentation of the process. I'm in a wacky
> world where an outtage is almost never trivial;-) I've used Nessus enough
> to know that it WILL eventually cause an outtage.
I think you misunderstand what a SIM does with respect to vulnerability
scans. SIMs import scans from vulnerability scanners that you have
deployed. For example from Nessus. I think I remember that there is one
product (not even sure if it is a SIM) that does ad-hoc scans for events
it gets. That's just not a good idea, introduces a lot of latency (so
doesn't scale) and has the problems you outline. Again. In general, SIMs
import vuln-scans, they don't scan themselves.
-raffy
--
Raffael Marty, GCIA, CISSP [EMAIL PROTECTED]
Senior Security Engineer Strategic Application Solutions
ArcSight, Inc. +1 (408) 864 2662
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
