The December 2006 ISSA Journal includes an article by Robert Graham titled Detection Isn’t Optional: Monitoring-in-depth. (No, it's not the Robert Graham of Black Ice/ISS fame. This is a different person.)
The implication of this article is that NSM is insufficient because it does not integrate SNMP data, event logs, and other sources. I do not disagree with this assessment. The reason I focus on NSM is that I start from the premise of self-reliance. In many enterprises, the security team does not have access to SNMP data from infrastructure devices. That belongs to the networking team. They also might not have access to event logs, since those are owned by system administrators. In these situations, security analysts are left analyzing whatever data they can collect independently -- hence NSM.
Granted, the NSM definition I proposed is far too wide to apply strictly to traffic-centric monitoring. As I wrote previously, I'm going to revise the NSM definition prior to writing a second edition of Tao. I think it makes sense to think of monitoring within this skeleton framework:
- Enterprise Monitoring
  - Performance Monitoring
  - Fault Monitoring
  - Security Monitoring
    - Network- (i.e., traffic) centric
    - Infrastructure-centric
    - Host-centric
    - Application-centric
  - Compliance Monitoring
Here you see that I consider NSM to be a single part of the security aspect of enterprise situational awareness. NSM is not the be-all, end-all approach to solving enterprise problems. If I had tried to tackle this entire issue my first book could have been 2400 pages instead of 800. If you've read my blog for a while you'll remember seeing me review books on Nagios and host integrity monitoring and also commenting on SNMP. I do all this because I recognize the value of these other data sources.