Bruce Schneier has posted an article on his BLOG (This originally appeared in the September/October 2004 issue of IEEE Security and Privacy Magazine):
in this he makes some very interesting point as security is achieved through procedures and the mind of people; by those analysts watching at those security consoles, and not the consoles themselves.[…] SIMS don't live up to the hype, because they're missing the essential ingredient that so many other computer security products lack: human intelligence.[…] The key to network security is people, not products. […]
these are some interesting passages, and I also like very much this other one:[…] SIMS require vigilance: […] staffing requires […] fulltime employees; […] and […] personnel with more specialized skills. Even if an organization could find the budget for all of these people, it would be very difficult to hire them in today's job market. And attacks against a single organization don't happen often enough to keep a team of this caliber engaged and interested.[…]
that is of the reasons I stopped being a 'security officer' lately, and I went back to what I've always liked most: working for a vendor.
Being on the *pure* defense side for long is not going to be appreciated by your very bosses – they might even find you're too expensive for you're giving them a very specialized service they don't even partially understand.
So let be it – when I go to this kind of companies and they are customers for me, they pay more for the same sort of job. And the job is less boring, for you study different situations, of different customers, different products in different environments. It keeps me busier and happier.
[…this thing kinda makes sense to me…]