SIEM是死是活?

针对eIQ抛出来的SIEM已死的论断,2011年9月22日的NetworkWorld也加入了讨论。这次有更多的业内人士表达了自己的观点,总的来说——SIEM还没有到讨论生死的时候。

著名的Anton Chuvakin说,no single security measure is adequate on its own, but that SIEM is a tool, and still a good one. "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything," he says. "It is a monitoring technology, and it is still effective -- more so than before."

另一个CEO说, "every year we go 'round and 'round, saying 'X' technology is dead," but he says the reality is what he declared in a recent speech: "The era of declaring a specific technology dead is dead."

对于态势感知,大家倒是都有所感触,Both sides also agree that situational awareness is not a piece of software that can simply be dropped into a system to provide better security. "Situational awareness does not come in a box," Chuvakin says.

你可能感兴趣的:(安全管理,SOC,Siem,态势感知,安全事件管理)