January 08, 2008

Security information management

Buyers' Guide: Follow InfoWorld's expert advice before shopping for a SIM solution to monitor network security and compliance

How can you share information with other applications? A SIM is, without question, a powerful part of a security infrastructure, but it can't do it alone. You'll need other hardware and software to deal with the incidents the SIM discovers, and life will be easier if the SIM itself can handle some of the interaction with those other pieces of infrastructure. As you're looking at SIMs, think about how you want the humans in the security hierarchy to work with the automated systems. Do you want the systems to take care of as much as possible, then notify staff about what has been done? Or do you want the humans to keep their hands on the controls while the systems provide intelligent help?

Some SIMs will work in either of these ways -- or in both, as you begin with humans in control and gradually give more authority to the system as you gain confidence in its capabilities. Ask the vendors about which model they follow so that you can zero in on those that match your deployment expectations.

How easy is the SIM to install and configure? This is the big wild card. As with virtually any category of hardware or software, there are products that are relatively easy to install, and there are some that will occupy your every waking moment for far too long. In most cases, deploying a SIM will break down into two lengthy tasks: arranging for the SIM to gather information from the network, and arranging for you to glean information from the SIM.

Getting information to the SIM varies in complexity depending on whether the SIM is collecting log files, gathering data from its own network of probes, or both. The initial effort also depends on how actively the SIM gathers its basic information. Does the SIM initiate scans of devices on the network, or does it simply sniff the traffic stream for events, assets, and suspicious traffic patterns?

In similar ways, the effort involved in configuring security monitoring and analysis can vary greatly depending on the degree of automation built into the SIM's installation routine. Some SIMs will put themselves into a minimally useful configuration by default. Others require you to step through an extensive setup routine. The payoff for this greater time investment is that the system will, from the get-go, gather information tailored to your needs.

SIM vendors and solutions

This list is not intended to be exhaustive, and owing to merger and acquisition activity in the industry, it may go out of date without notice.

ArcSight

Solutions: ArcSight ESM; ArcSight Interactive Discovery; ArcSight Pattern Discovery

Cisco

Solution: CiscoWorks Security Information Management Solution (SIMS)

Computer Associates

Solution: CA Security Command Center

eIQnetworks

Solution: SecureVue

Enterasys

Solution: Dragon Security Command Console

High Tower

Solution: SEM 3200

netForensics

Solution: nFX SIM One

NitroSecurity

Solution: NitroView ESM

Novell

Solution: ZENworks Endpoint Security Manager

RSA

Solution: enVision Platform

Symantec

Solution: Symantec Security Information Manager

TriGeo

Solution: TriGeo Security Information Manager

©1994-2009 Infoworld, Inc.