Tuesday, April 21, 2009

Elvis Presents IDS vs NSM

When I teach Network Security Monitoring I often introduce the alternative using an image like the following. It shows what an analyst (here, Elvis) might do if the only data he had to work with as an alert from something like a traditional intrusion detection system.



Compare that workflow with the possibilities provided by Network Security Monitoring:



Usually when I present this concept I take the opportunity to mention that Elvis studied American Kenpo with the founder of the style, Ed Parker. I also mention that Elvis frequently performed karate on stage, even doing so at someone else's concert!

I decided to track down a reference for that particular story, and through Shane Peterson's Elvis and the Martial Arts found this:

Elvis attended the Tom Jones show on September 3rd [1974], during the show he was introduced to the crowd by Tom, at that moment he was invited on stage and Tom asked him if he'd like to sing something, it wasn't possible he said as he had an exclusive contract with the Hilton, so instead he went into a Kata demonstration on the Caesar's Palace stage.

I would prefer to include links to the Web pages where I found these, but since they are hosted on Tripod pages I don't want to kill the owner's bandwidth through unnecessary click-throughs. If you want to find the sources please do a Google search.

Richard Bejtlich is teaching new classes in Las Vegas in 2009. Early Las Vegas registration ends 1 May.

5 comments:

Anonymous said...

Richard: As a member of the Parker Kenpo family tree, American Kenpo is actually a 'system', not a 'style'. Grand Master Parker implemented the American Kenpo 'system' in his 'style', which is unique to every individual.

John Ward said...

Dang, I couldn't find the video footage. That would have been a trip, seeing Elvis do Long 1 :) You still study?

Anonymous said...

you have to see Bubba Ho-Thep – Bruce Campbell playing an old retired Elvis, kicking an ancient mummy's ASS with Elvis's karate...

Tommy S said...

Richard,
I have both a personal an a private interest in NSM. I'm wondering what is your preferred tool for collecting and storing information. Say you are handeling an incident and want to save all information you come across for reference. Which tool do you use?

Richard Bejtlich said...

Tommy S,

At the moment we use a Wiki and RTIR.