work and IT @ 22 Sep 2008 10:58 am by ayoi
Hehehe. This is what I’ve discovered when I attended an intra department meeting last week. One of our representative in marketing said that one of the clients did mention that one of the main reasons why we loose this particular client because our competitor’s tool is impressive and “attractive” compared to the ones that we have. Kewl eh?. I thought :
a). Tools are just to assist analyst in executing or making their judgement on identifying any possible security incidents or security policy breached.
b). It is important for the analysts to be able interpreting or understand on the information presented to them by the tool. Also they need to know the decision making logics and the working mechanism of the tool. Yes, it also means that you need to know all the features offered by the tools in order to find all the necessary information needed to assist your analysis. A good tool perhaps that can function as aggregation and also for investigation as well.
Perhaps this could be a good topic for my tentative talk during the infosec.my Technical Forum later next month. Network Security: The 3 key elements. 
