TCG IF-MAP
I was very excited to read about TCG IF-MAP on Chris Hoff's blog last week. Chris found it interesting as something that could bring some light to the "cloud nightmare" and to virtualization issues. I like IF-MAP, however, because it raises the security intelligence level on the network. Today most SIEM installations work mostly with information from network devices and concentration points, like firewalls and IPSes. There are a lot of things happening in the endpoint world, behind those enforcement points, that are not usually detected and fed into correlation systems. IF-MAP seems to be a nice way to share security information across security tools, including SIEMs, to allow better correlation. Look at this example from the
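To make the correlation benefit concrete, here is an added example (my own toy model, not code from the post, from the TCG or from any IF-MAP implementation) of the idea behind IF-MAP: a Metadata Access Point holds a graph of identifiers linked by typed metadata that several tools publish into, and a SIEM can walk that graph to enrich an alert that a firewall only sees as a source IP. The identifier and metadata names loosely follow IF-MAP terms (ip-address, mac-address, access-request, identity, device, ip-mac, authenticated-as), but the wire format, the "device-posture" identifier, the publisher names and all sample values are constructed for illustration.

```python
from collections import defaultdict, deque

# An identifier is a (type, value) tuple, e.g. ("ip-address", "10.0.0.5").


class MapServer:
    """Minimal in-memory Metadata Access Point (simplified model, not the
    real IF-MAP protocol): identifiers linked by typed metadata, with
    publish, subscribe and a bounded graph search."""

    def __init__(self):
        # identifier -> {(metadata_type, neighbour_identifier, publisher)}
        self.links = defaultdict(set)
        # identifier -> [callback]
        self.subscriptions = defaultdict(list)

    def publish(self, a, b, meta_type, publisher):
        """Attach metadata of type `meta_type` between identifiers a and b."""
        self.links[a].add((meta_type, b, publisher))
        self.links[b].add((meta_type, a, publisher))
        # Anyone subscribed to either endpoint learns about the new link.
        for ident in (a, b):
            for callback in self.subscriptions[ident]:
                callback(ident, meta_type, a, b, publisher)

    def subscribe(self, ident, callback):
        self.subscriptions[ident].append(callback)

    def search(self, start, max_depth=4):
        """Breadth-first walk from `start`. Returns a dict mapping each
        reachable identifier to the list of (metadata_type, publisher)
        hops used to reach it."""
        seen = {start: []}
        queue = deque([(start, 0)])
        while queue:
            node, depth = queue.popleft()
            if depth >= max_depth:
                continue
            for meta_type, nxt, publisher in self.links[node]:
                if nxt not in seen:
                    seen[nxt] = seen[node] + [(meta_type, publisher)]
                    queue.append((nxt, depth + 1))
        return seen


def build_sample_map():
    """Constructed sample: DHCP, the switch/RADIUS policy point and an
    endpoint agent each publish what only they know about one session."""
    m = MapServer()
    ip = ("ip-address", "10.0.0.5")
    mac = ("mac-address", "00:11:22:33:44:55")
    ar = ("access-request", "switch1:port7")
    user = ("identity", "jdoe")
    dev = ("device", "laptop-4711")
    posture = ("device-posture", "antivirus-out-of-date")  # constructed identifier type
    m.publish(ip, mac, "ip-mac", "dhcp-server")
    m.publish(ar, mac, "access-request-mac", "switch-pdp")
    m.publish(ar, user, "authenticated-as", "radius-pdp")
    m.publish(ar, dev, "access-request-device", "radius-pdp")
    m.publish(dev, posture, "device-characteristic", "endpoint-agent")
    return m


def enrich_alert(m, alert):
    """SIEM-side correlation: a firewall alert keyed only by source IP is
    enriched with the user, device and posture published by other tools."""
    graph = m.search(("ip-address", alert["src_ip"]))
    context = dict(alert)
    for (itype, value), path in graph.items():
        if itype in ("identity", "device", "device-posture"):
            context[itype] = value
            context[itype + "-via"] = [publisher for _, publisher in path]
    return context


if __name__ == "__main__":
    mapserver = build_sample_map()
    # Constructed firewall event: without the MAP this is just an address.
    print(enrich_alert(mapserver, {"src_ip": "10.0.0.5", "sig": "outbound-scan"}))
```

The walk from the IP reaches the user only because three different publishers each contributed one hop (DHCP the ip-mac link, the switch the access-request, RADIUS the identity), which is exactly the endpoint-side context a firewall-fed SIEM would otherwise lack. Bound the search depth in anything real: identifier graphs in a busy MAP are large, and an unbounded walk from a shared identifier (a NAT address, a guest VLAN) pulls in unrelated sessions.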