- slide 1 of 5
Definitions and General Info
Security Information Management (SIM) is the term in computer security for collecting data (usually log files, such as event logs) into a central database for trend analysis. The data usually comes from various security devices, e.g. firewalls, proxy servers, intrusion-detection systems and antivirus software. Because each device writes its logs in its own format, a SIM first normalizes the records into a common schema so they can be processed together, for example by correlation analysis, and then presents the result in a simplified, correlated form similar to that of network-management software.
In general, a SIM tool comprises server software, agents installed on security devices or on servers, and a central management console. Together they monitor the environment for abnormal behavior and report to the user on the analysis. Because the information a SIM handles is mainly event data, SIM products are often also called Security Event Management (SEM) tools; vendors and analysts commonly combine the two terms as Security Information and Event Management (SIEM).
- slide 2 of 5
Main Advantages of SIM Software
The information that security programs acquire and store in their logs often amounts to very large volumes, making it infeasible for a person to process it properly. In addition, the cost of a security breach can be quite high, especially if the system holds sensitive data that is often irreplaceable. The need for a program to manage all that data therefore becomes apparent. A SIM does exactly that and is an essential component of an organization's security infrastructure.
However, there is more to the story. A SIM also produces reports that let the user understand what is happening and, in some cases, take action. With intrusion attempts growing both more sophisticated and more numerous, the specialized security software in use may miss compromises that do not match known attack or malware signatures. A SIM may still record the underlying events and, even if it raises no alarm, bring them to the user's attention for further examination.
Finally, a SIM's alerts are more reliable than those of a single security device, because it takes several sources into account and compares their output: an event that only one device reports can be weighted differently from one that several independent devices see at the same time, which cuts down on false alarms.
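The two ideas above, normalizing differently formatted logs into one schema (slide 1) and raising an alert only when several independent sources agree (slide 2), can be shown in a few dozen lines. The following is an added illustration written for this article, not code from any of the products listed later. The log lines, the `sshd`/`firewall`/`ids` source names, the Snort-style rule ID in the local range and the thresholds (60-second window, at least two sources, three failed logins) are all constructed for the example.

```python
"""Toy SIM pipeline: normalize heterogeneous log lines into a common event
schema, then correlate them across sources before raising an incident.
Illustration only; all sample data below is constructed, not captured."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: (source, raw line). Not taken from any real system.
SAMPLE_LOGS = [
    ("sshd",     "2011-05-02T10:00:01 sshd[812]: Failed password for root from 198.51.100.7 port 4022 ssh2"),
    ("sshd",     "2011-05-02T10:00:03 sshd[812]: Failed password for root from 198.51.100.7 port 4023 ssh2"),
    ("sshd",     "2011-05-02T10:00:05 sshd[812]: Failed password for admin from 198.51.100.7 port 4024 ssh2"),
    ("firewall", "2011-05-02T10:00:07 fw01 DENY TCP src=198.51.100.7 dst=10.0.0.5 dpt=3389"),
    ("ids",      "2011-05-02T10:00:09 snort[220]: [1:1000001:1] LOCAL SSH brute-force attempt {TCP} 198.51.100.7:4025 -> 10.0.0.5:22"),
    ("sshd",     "2011-05-02T10:00:20 sshd[813]: Accepted password for admin from 198.51.100.7 port 4030 ssh2"),
    # A second host: one failed login and one firewall deny, nothing more.
    ("sshd",     "2011-05-02T11:30:00 sshd[900]: Failed password for bob from 192.0.2.10 port 5000 ssh2"),
    ("firewall", "2011-05-02T11:30:01 fw01 DENY TCP src=192.0.2.10 dst=10.0.0.9 dpt=23"),
]

# One parser per source: a regex that extracts the common fields plus a small
# function that maps source-specific wording onto shared category/outcome values.
PARSERS = {
    "sshd": (
        re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
                   r"(?P<user>\S+) from (?P<src_ip>\S+) port \d+"),
        lambda m: {"category": "auth",
                   "outcome": "failure" if m["outcome"] == "Failed" else "success",
                   "user": m["user"]},
    ),
    "firewall": (
        re.compile(r"^(?P<ts>\S+) \S+ (?P<action>DENY|ALLOW) \S+ src=(?P<src_ip>\S+) "
                   r"dst=(?P<dst_ip>\S+) dpt=(?P<dport>\d+)"),
        lambda m: {"category": "network",
                   "outcome": "blocked" if m["action"] == "DENY" else "allowed",
                   "dport": int(m["dport"])},
    ),
    "ids": (
        re.compile(r"^(?P<ts>\S+) snort\[\d+\]: \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \{\w+\} "
                   r"(?P<src_ip>[\d.]+):\d+ -> (?P<dst_ip>[\d.]+):\d+"),
        lambda m: {"category": "ids", "outcome": "alert", "signature": m["msg"]},
    ),
}


def normalize(source, line):
    """Turn one raw log line into a dict with a common schema, or None if unparsed."""
    regex, extra = PARSERS[source]
    m = regex.match(line)
    if not m:
        return None
    event = {"ts": datetime.fromisoformat(m["ts"]), "source": source,
             "src_ip": m["src_ip"], "dst_ip": m.groupdict().get("dst_ip")}
    event.update(extra(m))
    return event


def correlate(events, window=timedelta(seconds=60), min_sources=2, min_failures=3):
    """Group normalized events by source IP and raise one incident per IP when
    at least `min_sources` independent devices report on it within `window`
    and the activity looks like a brute-force attempt (many failed logins)
    or a brute-force that succeeded (failure followed by success)."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e)

    incidents = []
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = {e["source"] for e in cluster}
            fail_ts = [e["ts"] for e in cluster
                       if e["category"] == "auth" and e["outcome"] == "failure"]
            succ_ts = [e["ts"] for e in cluster
                       if e["category"] == "auth" and e["outcome"] == "success"]
            success_after_failure = bool(fail_ts) and any(s > min(fail_ts) for s in succ_ts)
            # Single-source noise is not enough; several devices must agree.
            if len(sources) >= min_sources and (len(fail_ts) >= min_failures or success_after_failure):
                incidents.append({
                    "src_ip": ip,
                    "sources": sorted(sources),
                    "auth_failures": len(fail_ts),
                    "severity": "high" if success_after_failure else "medium",
                    "start": first["ts"].isoformat(),
                    "end": cluster[-1]["ts"].isoformat(),
                })
                break  # one incident per IP is enough for the report
    return incidents


def run_pipeline(logs=SAMPLE_LOGS):
    """Normalize every line and return the correlated incidents."""
    events = [ev for ev in (normalize(src, line) for src, line in logs) if ev is not None]
    return correlate(events)


if __name__ == "__main__":
    for inc in run_pipeline():
        print(inc)
```

Run as-is, the pipeline reports a single high-severity incident for 198.51.100.7 (three sources, three failed logins, then a successful one), while 192.0.2.10 produces nothing: only one failed login and one denied connection, which a rule that fired on any single device's output would have flagged as two separate alerts.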
- slide 3 of 5
Some Options for Security Information Management Software
Nowadays there is a large variety of programs you can use for SIM. Among the better-known products at the time of writing are the following:
- ArcSight ESM
- High Tower Software Security Event Manager
- LogLogic ST 3000 and LX 2000
- Network Intelligence enVision
- OpenService Security Threat Manager 3.5
- Q1 Labs QRadar
- SenSage Enterprise Security Analytics
- Symantec Security Information Manager 9500
- slide 4 of 5
Security Information Management software can make a big difference to your computer systems, especially if you handle a lot of sensitive data that may attract intruders or malicious software. Although such a program cannot solve every security problem on its own, it can contribute a great deal to protecting those systems and offer you some peace of mind.