Comments on: Evaluating Security Startups http://www.zhen.org/zen20/2005/11/21/evaluating-security-startups/ Wed, 28 Jul 2010 14:02:13 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Raffy http://www.zhen.org/zen20/2005/11/21/evaluating-security-startups/comment-page-1/#comment-408 Raffy Sun, 22 Jan 2006 09:58:59 +0000 http://www.zhen.org/blog/?p=147#comment-408 Well, I agree with the article. I would love to get rid of my SEM/SIEM/ESM/... solution and have border devices block the ATTACKS. Here's the catch: Point solutions are: - a pain to manage (you need to update them all, etc.) - see only part of the picture (they are POINT-solutions) - don't know the business-relevance of the assets they protect (well, you could argue that they should, but have you configured 200 firewalls, 100 NIPS, 2000 HIDS, 2000 Operating Systems, 50 routers, etc. to know the business relevance of all your assets? - how do you audit? Not at all? Have you had auditors for SOX in house? Well, get those logs from all your boxes and show that they really implement what you are claiming! (Have fun collecting logs from around 1000 different sources) I could go on and on. I think the problem is that a lot of people still do not have a clue what a SIM/SEM/SIEM/ESM is. Well, I agree with the article. I would love to get rid of my SEM/SIEM/ESM/… solution and have border devices block the ATTACKS. Here’s the catch: Point solutions are:
- a pain to manage (you need to update them all, etc.)
- see only part of the picture (they are POINT-solutions)
- don’t know the business-relevance of the assets they protect (well, you could argue that they should, but have you configured 200 firewalls, 100 NIPS, 2000 HIDS, 2000 Operating Systems, 50 routers, etc. to know the business relevance of all your assets?
- how do you audit? Not at all? Have you had auditors for SOX in house? Well, get those logs from all your boxes and show that they really implement what you are claiming! (Have fun collecting logs from around 1000 different sources)

I could go on and on. I think the problem is that a lot of people still do not have a clue what a SIM/SEM/SIEM/ESM is.

]]>