Comments on TaoSecurity Blog: SecureWorks on Building and Sustaining a Security Operations Center
Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)

Anonymous, 2008-09-25T04:25:00.000-04:00
This comment has been removed by a blog administrator.

Anonymous, 2008-08-24T23:28:00.000-04:00
This comment has been removed by a blog administrator.

Bozidar Spirovski (https://www.blogger.com/profile/08748842042511112038), 2008-08-21T16:07:00.000-04:00
I would like to rely on a specific system to make periodic scans and suggest possible vulnerabilities and patches, and then place the patching into a workflow system to be tracked.
This way, you get a good overview of where you are on security of the infrastructure, what needs to be done and at what time.
And then you can do a comparison scan afterwards.

Spirovski Bozidar
http://www.shortinfosec.net

Anonymous, 2008-08-19T17:25:00.000-04:00
Thanks for the coverage Richard. I frequent your blog quite regularly (one of your many subscribers) and it was good to hear your thoughts about our webcast.

I agree with you on device management. We should have specified "security device management" on the diagram to make it more clear.

As you said, when it comes to maintaining the hardware, keeping it patched, etc. it's usually the responsibility of IT. In our experience, more specialized tasks like tuning IDS/IPS signatures and managing firewall rulesets are the tasks left to security.

Just to confirm what the anonymous commenter said re: our client portal -- Yes, since the merger with LURHQ two years ago we've been using their portal platform which was a significant upgrade. Lots of work has gone into giving it SIM reporting functionality in regards to useful metrics, customization, workflow management, etc.

Come by our website or contact us for a demo and we'd be happy to walk you through it :)

Thanks again Richard!

Anonymous, 2008-08-19T14:44:00.000-04:00
It all comes down to the cost benefit comparison or risk analysis. If my car is only worth $1,000 why bother installing an alarm and tracking system costing $1,200? However, I always argue on the side of future precautions where assets may accumulate value over time.

Anonymous, 2008-08-18T15:46:00.000-04:00
I've used SecureWorks for managed IDS systems in the past and they aren't too bad. For a smaller company the more eyes you can have on the data, the better. From what I've been reading, they are redoing their customer portal system, and it'll be interesting to see what changes they come up with to make the visible information more efficient.