What is the Intrusion Detection Systems Management Survey?

Firewalls and IDSs are useful, but they only protect your security perimeter.
A new technology called self-securing devices could allow inexpensive
firewalling and intrusion detection on every desktop in your enterprise.
But how would you manage them all?
We'd like you to share some of your intrusion detection experience
and expertise with us, so we can create tools for easily and effectively
administering IDSs on every desktop, helping you increase your security
against both internal and external threats.
You can fill out the survey here:
Go to survey
Anonymized summary results will be made available to anyone who participates.
Project Details
I am developing a software tool called Castellan for managing a distributed
intrusion detection system. Our IDS is based on self-securing network
interfaces and storage - devices that erect their own security perimeters
and protect their resources from intruder tampering. We envision these
devices being deployed on many computers throughout the enterprise, giving
a widely distributed IDS.
So that I can design and build a tool that is well-suited for network
administrators, I am trying to gather more information about how network
administrators work, especially about how they use IDSs. Some of the
specific questions I am trying to answer are: What do they like and
dislike about the interfaces of their current IDSs? Approximately how
many alerts do they receive per hour or day? How do they view security
alerts (e.g., graphically, as tables, as a plain-text log)?
I believe this project will lead to improved security for large organizations,
because it will enable effective use of distributed IDSs. Any assistance
you could provide would be greatly appreciated.
For more information, visit the Castellan web page.
Contact Info
For comments or questions about the project or survey content, contact
chrisl+survey@cs.cmu.edu.