Wednesday, June 25, 2008
SIEM dead, time for search?
This is what Raffy is saying: "Some of the problems I see with Security Information Management are (the first four are adapted from the Gartner IDS press release):
- False positives in correlation rules
- Burden on the IS organization by requiring full-time monitoring
- A taxing incident-response process
- An inability to monitor events at rates greater than 10.000 events per second
- High cost of maintaining and building new adapters
- Complexity of modeling environment