This blog has mainly been a place where I have shared interesting stories I have found while surfing the net. I've built a strong readership (steady 1000-1500 unique readers a day), so you must like my choice of news. I've create a new category call “Personal Note” where, when I can find the time, I will give some reflections and insights as a security consultant implementing a SIM product (Security Information Manager). I will still keep up the stuff you've grown to love, but am ready to give more back to the community.
This week I have been in Washington, D.C. training for the SIM product NeuSecure, the product that I will be consulting with for my new job. The product was originally developed by a company called Guarded.Net, who was purchased by Micromuse (makers of Netcool) in the fall of 2005. The marriage was a good fit, since gathering security data and network health data had the same topology: gather data from numerous devices and give meaningful output. Micromuse is now in the process of being bought by IBM and will be a division of the Tivoli team.
What I want to focus on today is how amazing NeuSecure is. I've used ArcSight and a few other SIMs and log aggregators before, so I knew what I was getting into. However, now that I know the power under the hood, my mouth is watering to go install this puppy everywhere. The logic is dead-on when it comes to correlating data from Firewalls, NIPS, HIPS, routers, vulnerability scanners, virus scanners, spam blockers, content filters, VPN concentrators, identity management systems, physical security, server logs, wireless APs, wireless IPS…. name it, NeuSecure can do it. It not only puts all the data together properly, it decides what is the “bad” guy through a complex series of statistical correlation, frequency analysis, susceptibility correlation, and rules engines to find the needle in the hay stack. Truely amazing stuff.
What's also impressive is the client list. While I can't give you exacts, let me tell you that a good majority of federal and military organizations use NeuSecure. In fact, we just landed a deal with the Navy and EyakTek. Many large telecoms and Fortune 500's use it too. And this was with Guard.Net, a small 50 person start-up. Thank what we will be able to do at IBM!
I think that my career has progressed forward and has led me to a nice pinnacle. I have been installing and configuring security point products my entire career. I spent the last few years architecting those solutions. Now I am gathering data from hundred or thousands of security point products and am able to see all the data. It's the crown jewels of security analysis for large operations.
I would love to get some more feedback on my personal notes, so feel free to post your opinion and tell me what you think. I will be relating more personal notes soon. Next week I will be at an Army base on the East Coast. I'll let you know how that goes. I hope I didn't come across too much like a corporate cheerleader, but I'm very excited about my new job.
PS – I will be at the RSA Conference. Come find me at the Micromuse booth!