Hacker News

They shouldn’t look into it though, is the point. He’s not being elitist or gatekeeping. He’s saying that because managing a SIEM is going to be a huge waste of resources for anyone but a dedicated incident response team.

I suspect that a layperson might be getting the impression that this will alert them to security incidents. It will not really do that. It is not an intrusion detection system (which are also not very useful, but I digress). It will be 99.9999999% noise, and an experienced team will have a sense of what they should bother paying attention to, and still spend most of their time chasing dead ends.

It would be like if someone announced the release of a compiler, without explaining what a compiler is. Someone might reasonably say, if you don’t know what a compiler is, this isn’t solving a problem that you’re worried about.
