March 10, 2010

Security Information Management (SIM) Explored

Comprehensive information from users and experts about all aspects of Security Information Management (SIM, including SEM and SIEM). This section contains rich presentations and research on SIM.

Log Consolidation and Security Event Management
A technical presentation on the role and value of Security Event Management (SEM/SIM) in the enterprise. Includes many examples and scenarios providing an excellent technical and functional look into SEM/SIM.
Ric Cox, Accuvant

A Practical Application of SIM/SEM/SIEM Automating Threat Identification
A 39-page resource on the key aspects of SIM, including SIM functions, reasons to use a SIM, real-world examples, taxonomy of an attack, SIM selection criteria and SIM architecture. Highly recommended.
David Swift, SANS Institute

Security Information Management: Not Just the Next Big Thing
"SIM products...have a few core pieces that make them tick: centralized monitoring, reporting and policies. These products take information from the majority of the infrastructure (tools such as firewalls, routers, IDS sensors and AV scanners), put it all in a central location and let security managers decide what happens when certain events occur. Policies can be as simple as, 'If you see a virus, send me an e-mail,' to something more complex, such as, 'If you see what looks like a worm infection due to a sudden increase in logon failures and SMTP traffic from the same PC and it is on my remote network, notify the on-call IT staff.' Later on, to satisfy audit requirements, the consolidated database can be consulted. Some SIM products provide real-time monitoring of events as they come over the wire, while other vendors take a purely database-centered forensics approach."
Nicole Pauls, Information Systems Audit and Control Association

The Simple Facts Behind Security Information Management
A solid introduction to the basics of SIM, including a look at SIM's evolution and heritage. From the article: "SIM software, sometimes packaged by vendors on optimized appliances, uses product architectures similar to those found in traditional network-management tools but incorporates security intelligence, threat knowledge and compliance expertise to help IT executives better manage their security infrastructure and potential enterprise risk."
Denise Dubie, Network World

Three Different Flavors Of Security Information Management
A crisp look at SIM including SIM's functions, history, reasons for buying, and implementation. Includes many interesting charts and graphics, including a pie chart representing the reasons people buy SIM (from a Forrester survey). Strongly recommended.
Paul Stamp, Forrester Research

Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures
Bar none, the most comprehensive and helpful resource about SIM you will find. Chapter 3 of this book, Enterprise Security Management, is fully available in this document. The author calls SIM Enterprise Security Management (ESM).
Brian Contos and Dave Kleiman

FREE PDF DOWNLOADS: Security Information Management Resource Guide
Download in PDF format the top Resources from this Resource Guide (simbuyer.com). Choose from:
- Beginner's Guide to SIM
- IT Manager's Guide to SIM
- SIM Best Practices Guide
NorthPage Research
