Enterprise Intrusion Analysis, Part One
Stephen Barish

We all remember the early days of intrusion-detection systems — IDS was supposed to be the silver bullet that ensured the security of our enterprises against every conceivable attack. It was the same premise that the firewall industry and the giant antivirus conglomerates were built around: Buy our product and your worries are over.

Enterprise Intrusion Analysis, Part One 2009-04-09
Bob walsh
I am sorry but I really do not appreciate the certification metric.

Putting emphasis on cert might get you someone that is in security for cash rather than someone who is really understanding what he is doing.

Not to forget that CPE are often spoofed, not to mention the amount of fake mentoring t...

Enterprise Intrusion Analysis, Part One 2009-04-14
Anonymous
I don't get the cert matrix in this article either. You would be better off listing actual skills you need to know, and not simply state years of experience. Also, the whole article is weak and just a rehash of already beaten to death information....

Enterprise Intrusion Analysis, Part One 2009-04-17
Anonymous
Just a bit anal about the certs there. Sadly rubber stamp != clue...

Enterprise Intrusion Analysis, Part One 2009-04-22
DW (2 replies)
To all the other posters-- please get off the cert hate train. I've been doing this for over 15 years and qualifications are a legitimate concern. While we're at it, let's not hire CS grads-- after all they might not have a clue about how to operate in a large environment.

By the way, the autho...

Re: Enterprise Intrusion Analysis, Part One 2009-04-22
Anonymous (1 replies)
Cert haters? Does our training measure up to what the much ballyhooed GIAC? Give me a break. GIAC is only still around because there is no real competition. Their training is way overpriced, teaching material outdated, questionable teachers (some good, some quite poor). If you are using GIAC as your ...

Re: Re: Enterprise Intrusion Analysis, Part One 2009-10-07
Jose
Understand that certifications in the DoD do one thing: it gives a measure of your abilities and that you understand the field. After that the training I have received is very comprehensive and above what GIAC and anyone else may offer.

It is a baseline for the real goodies, the vast majority here...

Re: Enterprise Intrusion Analysis, Part One 2009-04-23
Ichinin
OK, and what exactly makes you a good analyst with a CISSP? Is a 4-5 day CISSP bootcamp course better than having worked as a network tech with IDS systems and auditing logs? At the course, do you get to learn to fine tune your analytical skills? Or do you learn to weed out false positives? Anything...

Enterprise Intrusion Analysis, Part One 2009-06-15
Anonymous
WOW.

Is there any provision in opinion for a blend of certification and work experience? Don't forget that you need at least 5 yrs industry experience to sit the exam for the CISSP...

Qualifications have their place, in terms of either a starting point or ratification of a wide skill-set. Wor...

Enterprise Intrusion Analysis, Part One 2009-06-28
Anonymous (1 replies)
Do the bad guys have certifications? So what makes everyone think that having a certification and / degree will enable the creation of a skilled workforce?

...

Re: Enterprise Intrusion Analysis, Part One 2009-07-16
Anonymous (1 replies)
Another negative argument. What is your real point? People are assumed to be skilled and educated? Didn't you have to show proof of high school diploma and your SSN to get your first job? Or should everyone assume you are a citizen and made it through school? Everyone here keeps confusing matters: ...

Re: Re: Enterprise Intrusion Analysis, Part One 2009-08-24
Anonymous
Another imaginative situation. Driving a car and reading/tuning IDS/IPS systems are two different things.

But you probably want people to have a certificate to go to the bathroom too?

...

Enterprise Intrusion Analysis, Part One 2009-07-16
Anonymous
Good overview article, and I don't see a problem with listing certs/degrees/year of exp. IT Security is becoming a more mature career field, and as such it will have certain hurdles to clear to work in it. Certifications are one measure of basic knowledge, not a complete solution. But who is going t...

Enterprise Intrusion Analysis, Part One 2009-07-21
Anonymous
We have many Certification bodies, which issue ISO27001 certification, what is shocking is the auditors employed by these companies are not all technical people, how do you expect the company to have good security policy?...

Enterprise Intrusion Analysis, Part One 2009-08-20
Anonymous
This is a good start, but the analysis would have been more useful explaining the various deployment options for IDS - Pros and Cons. Let's be real - IDS on the outside only of your network monitoring the Internet is lots of traffic that a majority should not even be looked at. This traffic just burn...

Enterprise Intrusion Analysis, Part One 2009-10-26
Anonymous
The cert argument is an old one. Having a cert (book smart) only means you passed the test. Having years of experience without certs can mean a few things, such as tying your shoe a zillion times, after that we all agree you can tie your shoes and you can do it well. Having years of experience and be...

Copyright 2009, SecurityFocus