July 30, 2010

Security Information Management (SIM) Explored

Comprehensive information from users and experts about all aspects of Security Information Management (SIM, including SEM and SIEM). This section contains rich presentations and research on SIM.

The Gartner 2010 CyberThreat Landscape
A strategic and data-rich look at the current CyberThreat landscape. This original report is filled with examples, data, graphics and guidance and covers:
- Review of new and expected IT security threats
- Cyber threat taxonomy
- CIO strategies
- Cybercrime as a service - definitions, examples, and data
- Global attack sources
- Critical Security processes
The Resource contains the following recommendations:
- Focus on a two-pronged strategy:
1) Get more efficient at dealing with old threats: platforms, vulnerability avoidance, sourcing.
2) Get more effective at dealing with new threats: Web security gateway, security in the cloud, application control, data protection.
- Institutionalize a threat assessment step in all new business IT projects.
- Protect the business first, demonstrate compliance later. Regulations are rarely a long-term friend to security.
Andrew Walls, Gartner

Log Consolidation and Security Event Management
A technical presentation on the role and value of Security Event Management (SEM/SIM) in the enterprise. Includes many examples and scenarios providing an excellent technical and functional look into SEM/SIM.
Ric Cox, Accuvant

A Practical Application of SIM/SEM/SIEM Automating Threat Identification
A 39-page Resource on the key aspects of SIM including SIM functions, reasons to use a SIM, real world examples, taxonomy of an attack, SIM selection criteria and SIM architecture. Highly recommended.
David Swift, SANS Institute

Security Information Management: Not Just the Next Big Thing
"SIM products...have a few core pieces that make them tick: centralized monitoring, reporting and policies. These products take information from the majority of the infrastructure (tools such as firewalls, routers, IDS sensors and AV scanners), put it all in a central location and let security managers decide what happens when certain events occur. Policies can be as simple as, 'If you see a virus, send me an e-mail,' to something more complex, such as, 'If you see what looks like a worm infection due to a sudden increase in logon failures and SMTP traffic from the same PC and it is on my remote network, notify the on-call IT staff.' Later on, to satisfy audit requirements, the consolidated database can be consulted. Some SIM products provide real-time monitoring of events as they come over the wire, while other vendors take a purely database-centered forensics approach."
Nicole Pauls, Information Systems Audit and Control Association
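The two policies in the passage above, and the audit lookup it mentions, as an added Python example. This is constructed illustration code, not code from the quoted article or from any SIM product: the event feeds are made up, and the remote-network range 10.50.0.0/16, the five-minute window and the burst thresholds are assumptions a real deployment would tune to its own baseline.

```python
"""Toy SEM correlation engine (added example; constructed data, not from any product).

It does the three things the quoted passage describes: pull events from
several tools into one central, time-ordered store; apply a simple and a
compound policy to them; and answer an after-the-fact audit query.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # tool that produced it: "av", "domain-controller", "firewall"
    host: str     # IP of the PC the event is about (normalized by the collector)
    kind: str     # normalized type: "virus", "logon_failure" or "smtp_conn"


# Assumed remote-office network for the "it is on my remote network" clause.
REMOTE_NET = ipaddress.ip_network("10.50.0.0/16")
# Assumed thresholds for "sudden increase"; tune to the site's baseline.
WINDOW = timedelta(minutes=5)
LOGON_FAIL_MIN = 5
SMTP_CONN_MIN = 10


def consolidate(*feeds):
    """Merge per-tool feeds into one time-ordered list (the central location)."""
    return sorted((e for feed in feeds for e in feed), key=lambda e: e.ts)


def virus_policy(events):
    """'If you see a virus, send me an e-mail.'  Returns (action, host, when) tuples."""
    return [("email-admin", e.host, e.ts) for e in events if e.kind == "virus"]


def worm_policy(events):
    """Logon-failure burst AND SMTP burst from the same PC inside WINDOW, PC on REMOTE_NET."""
    per_host = defaultdict(list)
    for e in events:
        if e.kind in ("logon_failure", "smtp_conn"):
            per_host[e.host].append(e)          # input is already time-ordered
    alerts = []
    for host, evs in per_host.items():
        if ipaddress.ip_address(host) not in REMOTE_NET:
            continue                            # same pattern on the HQ LAN is not this policy
        for i, start in enumerate(evs):         # sliding window anchored on each event
            window = [x for x in evs[i:] if x.ts - start.ts <= WINDOW]
            fails = sum(x.kind == "logon_failure" for x in window)
            smtp = sum(x.kind == "smtp_conn" for x in window)
            if fails >= LOGON_FAIL_MIN and smtp >= SMTP_CONN_MIN:
                alerts.append(("page-oncall", host, start.ts))
                break                           # one alert per host; real products suppress repeats
    return alerts


def audit_query(events, host, since, until):
    """Forensic lookup on the consolidated store: everything about a host in a time span."""
    return [e for e in events if e.host == host and since <= e.ts <= until]


# --- constructed sample feeds (not real logs) --------------------------------
T0 = datetime(2010, 7, 30, 9, 0, 0)


def _burst(source, host, kind, n, start, step_s):
    return [Event(start + timedelta(seconds=i * step_s), source, host, kind) for i in range(n)]


AV_FEED = [Event(T0 + timedelta(minutes=1), "av", "10.1.2.3", "virus")]
DC_FEED = (_burst("domain-controller", "10.50.4.20", "logon_failure", 8, T0, 20)   # remote PC
           + _burst("domain-controller", "10.1.2.3", "logon_failure", 8, T0, 20))   # HQ LAN PC
FW_FEED = (_burst("firewall", "10.50.4.20", "smtp_conn", 15, T0 + timedelta(seconds=30), 10)
           + _burst("firewall", "10.1.2.3", "smtp_conn", 15, T0 + timedelta(seconds=30), 10)
           + _burst("firewall", "10.50.9.9", "smtp_conn", 30, T0, 5))               # SMTP only, no logon failures


def run():
    """Consolidate the feeds and evaluate both policies; returns alerts plus the store."""
    events = consolidate(AV_FEED, DC_FEED, FW_FEED)
    return {"virus": virus_policy(events), "worm": worm_policy(events), "events": events}


if __name__ == "__main__":
    result = run()
    for action, host, when in result["virus"] + result["worm"]:
        print(f"{when:%H:%M:%S} {action:<12} {host}")
    on_record = audit_query(result["events"], "10.50.4.20", T0, T0 + timedelta(hours=1))
    print(len(on_record), "events on record for 10.50.4.20")
```

Run as-is it pages on-call only for 10.50.4.20: 10.1.2.3 shows the identical logon-failure and SMTP burst but sits outside the remote network, and 10.50.9.9 sends plenty of SMTP with no logon failures, so neither matches the compound policy. The same consolidated list that drove the real-time rules also answers the audit query afterwards, which is the database-centred half of the passage.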
