Hi,

    Ron I noticed your email is enterasys.com. You guys sell Dragon IDS. I
find it interesting you are asking a question like this. As for staffing,
security personal come in all shape and sizes. It's up to the organization
to fill a spectrum skill set in that group. Most products work well on there
own and have no need to have a full dedicated person monitoring it. They
even have managed server to were all NIDS and or HIDS report to.

P.S. Can you guys please add that to your product, that is one thing it
lacks is real-time monitoring.
----- Original Message -----
From: "Ron Gula" <rgulaENTERASYS.COM>
To: <FOCUS-IDSSECURITYFOCUS.COM>
Sent: Wednesday, January 17, 2001 2:34 PM
Subject: Re: Staffing an Intrusion Detection Capability?

> Hello Al,
>
> For our customers with the Dragon IDS, I see organizations
> of about 3000 people deploying anywhere between 2 to 8
> dedicated security folks. There are grey areas such as the
> relationship to physical security, who runs/operates the
> firewalls and who does incident response. But to answer
> your questions based on our type of customers it would be:
>
> >Does your organization have a dedicated ID staff?
>
> Yes. Most do.
>
> >If so, how large is this staff? If not, where do you
> >draw the staff from?
>
> 2 - 8 people with mixed skilled sets. Either the 2 people
> are 'experts' or the 8 people have specific focuses such
> as firewalls, NT systems, etc.
>
> >What skills do you look for in ID staff?
>
> Familiarity in security threats and operational experience.
> I've seen a lot of brilliant security folks not do well
> working with other folks.
>
> >Is the ID staff integrated with the incident response
> >staff?
>
> Yes, but there is usually a break between folks who run
> the IDS stuff and folks who do things like physical investigations
> of employee computers.
>
> One other thought that you should consider (if you have not)
> is the possibility of a managed IDS solution.
>
> Ron Gula
> VP IDS Products
> Enterasys Networks
> http://www.enterasys.com/ids
> http://www.securitywizards.com
>
>
> At 03:04 PM 1/17/01 -0000, you wrote:
> >My company (an organization of approximately 3000
> >people in the financial industry and which is doing an
> >increasing amount of business on the Internet) is
> >currently putting together a plan for an intrusion
> >detection and incident response capability.
> >
> >I am curious to hear what other organizations of a
> >similar size are doing regarding staffing such a
> >capability.
> >
> >Does your organization have a dedicated ID staff?
> >
> >If so, how large is this staff? If not, where do you
> >draw the staff from?
> >
> >What skills do you look for in ID staff?
> >
> >Is the ID staff integrated with the incident response
> >staff?
> >
> >If anyone has a job description for members of such
> >a staff that they would be willing to post, that would be
> >great.
> >
> >I look forward to some interesting discussion on this
> >topic!
> >
> >Al
> >
> >
> >
> >
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]