Data Center Security

  • 1.  Symantec Data Center Security: How do you confirm an intrusion

    Posted Aug 13, 2014 09:19 PM

    Hello everyone,

    I have been using SEP for years. It is obvious when a risk or threat is detected. It is identified in the logs and you may get a pop-up.

    I have recently started using Symantec Data Center Security. From what it looks like there are MANY events generated. Out of all of these events, how do you identify that you actually have an intrusion incident as opposed to one of 10,000 other benign logged events?

    Kind regards

    Cameron



  • 2.  RE: Symantec Data Center Security: How do you confirm an intrusion

    Posted Aug 14, 2014 05:49 AM

    Are you referring to DCS:SA (old name Critical System Protection) or the AV product DCS:S?



  • 3.  RE: Symantec Data Center Security: How do you confirm an intrusion

    Posted Aug 15, 2014 02:31 AM

    DCS:SA



  • 4.  RE: Symantec Data Center Security: How do you confirm an intrusion
    Best Answer

    Posted Aug 15, 2014 03:51 AM

    Essentially you need to have finely tuned the policy enough such that no events or very few events are logged in normal running. If you're getting thousands and thousands of events then the policy is nowhere near ready for production.



  • 5.  RE: Symantec Data Center Security: How do you confirm an intrusion

    Posted Aug 20, 2014 08:01 AM

    Yes, you have to fine-tune the policy, and you can also use the search feature in the DCS server console, which helps to identify the intrusion detection.



  • 6.  RE: Symantec Data Center Security: How do you confirm an intrusion

    Posted Aug 29, 2014 01:59 PM

    Anyone aware of training options for DCS - don't see anything available from Symantec.

     

    http://www.symantec.com/products-solutions/training/theme.jsp?themeid=courses



  • 7.  RE: Symantec Data Center Security: How do you confirm an intrusion

    Posted Sep 01, 2014 03:48 AM

    DCS training is quite few and far between.  I suggest contacting a training partner of Symantec, as they can arrange DCS training for you, as training for this product is usually reserved for partners.