
Alessandro Perilli on Enterprise Security


The need for Security Event Managers

Check Point just made the news by announcing a new product, Eventia Analyzer, entering the small but profitable niche of SIM/SEM (Security Information Manager / Security Event Manager) and expanding its security offering, as announced at the end of 2003.

Just to summarize, a SIM/SEM is a collector of events coming from different sources in your IT infrastructure, from network devices to services running on servers across several datacenters.
Its mission is to give the security manager a complete view of what is happening in the network and, when an alert is raised, to identify all the systems affected by the same harmful event.
The difficulty lies in handling tens of different platforms, each with a proprietary logging system, and in correlating events while excluding false positives.

I personally believe the value of these products is huge (and their price seems to reflect my opinion) and budget investment in them more than justified. Much more than acquiring other, often less useful, security products.

Today companies literally stack industrial quantities of security products in their networks, believing that adopting them will save them from risks and threats.
On the contrary, all these tools are useless if they are not properly configured and if proper management staff does not maintain them.
At the same time, trying to analyze their logs is worthless if they are not recontextualized in the overall flow of information a datacenter can generate every day.

What is the sense in spending thousands of dollars on technologies if you are not even able to immediately understand that your LAN's clients cannot reach the Internet because there is an error on the DNS server and not because the company's routers are under a Denial of Service attack?
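The DNS-versus-DoS question above, together with the normalization and correlation problem described earlier, can be shown as a small added example (not code from Eventia Analyzer or any other product). The three log formats, the field names and the flood threshold are assumptions made up for illustration.

```python
import re

PPS_FLOOD = 50_000  # assumed flood threshold, for illustration only

# Constructed sample lines in three made-up formats (not real product output).
RAW_LOGS = [
    ("dns", "2004-03-01 09:00:02 named[411]: error: zone corp.example/IN: loading failed"),
    ("dns", "2004-03-01 09:00:05 named[411]: error: SERVFAIL for www.example.org"),
    ("proxy", "09:00:07|10.0.0.21|GET http://www.example.org/|ERR_UPSTREAM_UNREACHABLE"),
    ("proxy", "09:00:09|10.0.0.34|GET http://news.example.net/|ERR_UPSTREAM_UNREACHABLE"),
    ("router", "<189>Mar  1 09:00:10 gw1 IF=wan0 pps=850 drops=0"),
]

def _secs(line):
    # Every sample format carries an HH:MM:SS stamp; reduce it to seconds of day.
    h, m, s = map(int, re.search(r"(\d\d):(\d\d):(\d\d)", line).groups())
    return h * 3600 + m * 60 + s

def normalize(source, line):
    """Map one source-specific line to a common event dict, or None if irrelevant."""
    ev = {"source": source, "t": _secs(line)}
    if source == "dns" and " error: " in line:
        return {**ev, "kind": "dns_error"}
    if source == "proxy":
        _, client, _, status = line.split("|")
        if status.startswith("ERR_"):
            return {**ev, "kind": "client_failure", "client": client}
    if source == "router":
        m = re.search(r"pps=(\d+) drops=(\d+)", line)
        flood = int(m.group(1)) >= PPS_FLOOD and int(m.group(2)) > 0
        return {**ev, "kind": "router_flood" if flood else "router_ok"}
    return None

def correlate(raw_logs, window=60):
    """Explain client failures using events from other sources within `window` seconds."""
    events = [e for e in (normalize(s, l) for s, l in raw_logs) if e]
    failures = [e for e in events if e["kind"] == "client_failure"]
    if not failures:
        return {"verdict": "no_outage", "clients": []}
    start = min(e["t"] for e in failures)
    near = {e["kind"] for e in events if abs(e["t"] - start) <= window}
    if "router_flood" in near:
        verdict = "possible_dos"
    elif "dns_error" in near:
        verdict = "dns_failure"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "clients": sorted({e["client"] for e in failures})}
```

On the sample data, `correlate(RAW_LOGS)` attributes the two affected clients to the DNS errors, because the router counters stay below the flood threshold in the same time window.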

If it is true that security is the maximum knowledge of your own technologies, then SIM/SEM are the first step toward that security.