Hi Bruce, actually I have found that the best way to achieve 'situational awareness' is via monitoring as many internal and external sources of information as possible. Ideally a dashboard would be composed of both technical feeds of data such as logs and IDS/IPS as well as what I term Cyber Threat Intelligence (CTI). There are commercial and open source methods of collecting these.
I presented on this at SANSFire 2009: https://www.sans.org/webcasts/sansfire-2009-developing-cyber-threat-intelligence-92553

Cheers,
Adrien

On Fri, Apr 29, 2011 at 10:27 AM, Bruce Barnett <[email protected]> wrote:
> I'm trying to collect some ideas on how customers can do a better job on
> determining their "situational awareness."
> I'm looking for tools, standards, metrics, visualization techniques, best
> practices, etc.
>
> Off the top of my head, I can think of some basic categories
> ICMP and ping-based tools
> SNMP (scotty, tkined, HP OpenView)
> Nmap - in a class by itself
> Patch management tools
> Vulnerability Scanners
>
> Does anyone know of any resources/web links on this topic?
> Best Practices?
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>

--
Cheers,
Adrien de Beaupre
SANS Internet Storm Center Handler
---
Note: The SANS Handlers is a group of approximately 30 volunteer incident handlers. You may receive responses from other individuals on that list. Also, please direct all communication to [email protected], so that everyone is kept "in the loop."
