2011年6月9日,SC Magazine UK上有一篇博文:What did SIEM ever do for your business? 文章采访了两位前ArcSight的英国雇员,他们说到目前SIEM产品的一个问题就在于人们不理解SIEM是什么,以及能做什么。事实上再好的工具如果没有用起来也是白搭(a problem with SIEM is that people do not understand what it does and what it can do and it is all well buying tools but if the technology is not being used correctly it is a poor investment)。的确,SIEM作为解决复杂问题的产品其自身也很复杂。
【体会】也正是由于这种复杂性阻碍了SIEM技术和产品的大发展。安管平台何尝不是如此?
