Tuesday, January 16, 2007

Comments on ISSA Journal Article

It's been two and a half years since my first book was published, although I've been writing and speaking about Network Security Monitoring (NSM) for at least five years. I'm starting to see other people cite my work, which is neat. It also means people are starting to criticize what I wrote, so I need to elaborate on some ideas.

The December 2006 ISSA Journal includes an article by Robert Graham titled Detection Isn’t Optional: Monitoring-in-depth. (No, it's not cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Robert Graham of Black Ice/ISS fame. This is a different person.)

The implication of this article is that NSM is insufficient because it does not integrate SNMP data, event logs, and other sources. I do not disagree with this assessment. The reason I focus on NSM is that I start from the premise of self-reliance. In many enterprises, the security team does not have access to SNMP data from infrastructure devices; that belongs to the networking team. They also might not have access to event logs, since those are owned by system administrators. In these situations, security analysts are left analyzing whatever data they can collect independently -- hence NSM.

Granted, the NSM definition I proposed is far too wide to apply strictly to traffic-centric monitoring. As I wrote previously, I'm going to revise the NSM definition prior to writing a second edition of Tao. I think it makes sense to think of monitoring within this skeleton framework:

  • Enterprise Monitoring
    • Performance Monitoring
    • Fault Monitoring
    • Security Monitoring
      • Network- (i.e., traffic-) centric
      • Infrastructure-centric
      • Host-centric
      • Application-centric
    • Compliance Monitoring

Here you see that I consider NSM to be a single part of the security aspect of enterprise situational awareness. NSM is not the be-all, end-all approach to solving enterprise problems. If I had tried to tackle this entire issue, my first book could have been 2400 pages instead of 800. If you've read my blog for a while, you'll remember seeing me review books on Nagios and host integrity monitoring and also commenting on SNMP. I do all this because I recognize the value of these other data sources.
