Security information management, also referred to as SIM, is one of the fastest-growing enterprise security domains. Given the increase in the volumes of operational information streaming back and forth within organizations, dedicated staff are no longer able to handle it manually. SIM technology emerged as a response to IT managers' need to automate the collection, monitoring and analysis of event log data from security devices in large business networks.

Present-day security information and event management tools leverage the best practices of data aggregation and event correlation to sort through logs generated by proxy servers, routers, switches, firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and antimalware suites. A significant benefit has to do with normalization features tasked with converting different types of reports into a unified format, typically XML, so that they can be further processed and analyzed within an all-in-one console. Aside from streamlining the collection of event logs as well as vulnerability and configuration reports, the industry's top SIM solutions accommodate real-time alerting mechanisms and active response features that take their functionality well beyond commonplace data harvesting.

Security information management systems are complex and heterogeneous mechanisms that need to be fine-tuned to the specific enterprise environment and work in tandem with the organization's existing security policies. Although the decision-making part ultimately boils down to a human being, SIM can thwart well-orchestrated attacks against an organization and considerably enhance the efficiency of incident response if deployed correctly.

There are plenty of commercial and open-source SIM products on the market, including Network Intelligence's enVision, Cisco Security MARS, Prism Microsystems' EventTracker, Symantec Security Information Manager, TriGeo Network Security, and many more. When selecting a security information and event management tool that best fits your organization's needs, it makes sense to evaluate it against a checklist of several important criteria. Below are some of the questions that IT executives should ask the vendor when picking a worthwhile SIM product.

How Does the Solution Scale?

The product's ability to handle big volumes of data is an important factor, especially when it comes to safeguarding a large corporate environment.
To start with, IT managers should have accurate information on the number of devices they want to collect event logs from. An important attribute to look at is the number of events per second that the SIM tool can capture, process and store properly.
All in all, knowing whether or not the system can manage your IT infrastructure is imperative.

Is the SIM Compatible With Third-Party Security Products, IDS Systems, and Databases?

Since the security information management system will complement the existing threat management and risk mitigation strategies within the enterprise, it's crucial to make sure that there will be no software conflicts and compatibility issues. Therefore, it's a good idea to scrutinize the product's compatibility with the installed antimalware, intrusion detection and prevention systems, vulnerability management technology and other defense solutions.
IT supervisors need to ascertain that the automated SIM engine can harvest, aggregate and correlate the data generated by these different systems to get the big picture of the overall security posture. In addition to the criterion of third-party software support, it's also important to find out whether the vendor provides a developer kit that allows the client to create custom integrations.

Does the Tool Accommodate Log Management Features?

Whereas compliance policies and regulations may be indistinct regarding the way the organization must maintain logs from monitored devices, SIM solutions should deliver one-size-fits-all functionality in terms of managing and archiving log data. Of course, these requirements are more rigid for financial institutions that need to comply with PCI DSS (Payment Card Industry Data Security Standard) and for enterprises that must follow SOX (Sarbanes-Oxley Act) regulations, but there is a certain degree of log management and archiving obligation in either scenario. Professional IT managers will certainly favor a SIM product that is more flexible in this regard.
Contemporary malicious code can be polymorphic, with infections combining behavioral attributes of multiple unrelated threats. Consequently, seemingly unrelated events occurring in different parts of the company's digital environment may, taken together, indicate the activity of an advanced persistent threat that obfuscates its presence.
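The two mechanisms the article relies on, normalization of heterogeneous device logs into one unified (here XML-serializable) schema and correlation of events from different parts of the environment into a single finding, shown as an added example. This is not code from the article or from any of the SIM products it names; the three log formats (a firewall, an IDS and an sshd-style auth log), the unified field names and the correlation rule are constructed assumptions used only to illustrate the pipeline.

```python
"""Toy SIM pipeline: normalize log lines from different device types into one
schema, serialize them to XML, and correlate across sources.
Added example; the log formats, field names and rule are assumptions."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample lines from three device types (assumed formats, not real products).
SAMPLE_LOGS = [
    '2024-03-01T10:00:05Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22',
    '2024-03-01T10:00:09Z ids01 ALERT sig="SSH brute force" src=203.0.113.7 dst=10.0.0.5 priority=2',
    '2024-03-01T10:00:15Z fw01 ALLOW src=198.51.100.9 dst=10.0.0.8 dport=443',
    '2024-03-01T10:00:40Z host05 sshd: Accepted password for admin from 203.0.113.7 port 51234',
    '2024-03-01T10:05:00Z host08 sshd: Accepted publickey for deploy from 198.51.100.9 port 40000',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
SSHD_RE = re.compile(r'sshd: (Accepted|Failed) (\w+) for (\S+) from (\S+) port (\d+)')


def _ts(text):
    """Parse the ISO-8601 UTC timestamp every sample line starts with."""
    return datetime.strptime(text, '%Y-%m-%dT%H:%M:%SZ').replace(tzinfo=timezone.utc)


def normalize(line):
    """Map one raw line onto the unified schema; returns None for lines no parser claims."""
    ts, host, rest = line.split(' ', 2)
    event = {'timestamp': _ts(ts), 'device': host, 'src_ip': None, 'dst_ip': None,
             'action': None, 'severity': 'info', 'category': 'other', 'raw': line}
    m = SSHD_RE.search(rest)
    if m:  # host authentication log
        event.update(category='auth', user=m.group(3), src_ip=m.group(4),
                     action='login_success' if m.group(1) == 'Accepted' else 'login_failure')
        return event
    kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    verb = rest.split(' ', 1)[0]
    if verb in ('ALLOW', 'DENY'):  # firewall connection log
        event.update(category='firewall', action=verb.lower(), src_ip=kv.get('src'),
                     dst_ip=kv.get('dst'), dst_port=int(kv['dport']) if 'dport' in kv else None)
        return event
    if verb == 'ALERT':  # IDS alert; priority 1-2 treated as high in this toy mapping
        event.update(category='ids', action='alert', src_ip=kv.get('src'), dst_ip=kv.get('dst'),
                     signature=kv.get('sig'),
                     severity='high' if int(kv.get('priority', 3)) <= 2 else 'medium')
        return event
    return None


def to_xml_string(event):
    """Serialize a normalized event as a unified XML record for the central console."""
    el = ET.Element('event', category=event['category'], device=event['device'])
    for key in ('timestamp', 'src_ip', 'dst_ip', 'dst_port', 'action', 'severity', 'user', 'signature'):
        value = event.get(key)
        if value is not None:
            ET.SubElement(el, key).text = value.isoformat() if key == 'timestamp' else str(value)
    return ET.tostring(el, encoding='unicode')


def correlate(events, window=timedelta(minutes=5)):
    """Rule (assumed): an IDS alert naming a source IP, followed within `window` by a
    successful login from that same IP on any host, is escalated as one incident.
    Neither event alone would be escalated; the cross-source combination is the signal."""
    events = sorted(events, key=lambda e: e['timestamp'])
    incidents = []
    for alert in (e for e in events if e['category'] == 'ids'):
        for ev in events:
            if (ev['category'] == 'auth' and ev['action'] == 'login_success'
                    and ev['src_ip'] == alert['src_ip']
                    and alert['timestamp'] <= ev['timestamp'] <= alert['timestamp'] + window):
                incidents.append({'src_ip': alert['src_ip'], 'signature': alert['signature'],
                                  'user': ev['user'], 'host': ev['device'],
                                  'delay_s': (ev['timestamp'] - alert['timestamp']).total_seconds()})
    return incidents


def run(lines=SAMPLE_LOGS):
    """Normalize every parseable line, then apply the correlation rule."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)


if __name__ == '__main__':
    evts, found = run()
    for e in evts:
        print(to_xml_string(e))
    print('incidents:', found)
```

Two design points carry over to a real deployment: the normalizer owns all format knowledge, so adding a new device type means adding one parser branch and nothing downstream changes, and the correlation rule operates only on the unified fields (category, action, src_ip, timestamp), which is why the events-per-second and third-party-compatibility questions the article raises matter; a source the tool cannot parse never reaches the rule at all.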
The fact that SMBs have now come to employ these systems as well is certainly a good sign that the industry is on the right track.