Marty Roesch, the author of the popular Snort freeware intrusion detection system, whom I caught up with at this month's RSA Security Conference, told me that, vendor hype notwithstanding, none of the products at the show really work with one another.
Worse, Roesch said, “there is no one product that can tie all the information from these tools together.” IT managers should take this observation to heart when implementing a security strategy because many vendors tout integration as a feature of their products.
Most security products produce copious log files and alerts, but each sends this information to its own console. Roesch said there isn't much hope for the emergence of a standards body that can generalize interoperability and validate claims made by vendors.