By John Sawyer
June 12, 2009
A Special Analysis for Dark Reading
Information overload is one of information security professionals'
biggest enemies: The job of sorting through and making sense of event
data, and then acting on it in a timely manner, is crucial. A lack of
proper tools to manage that information can leave you floundering in
mountains of data -- unable to protect your sensitive IT resources.
A slew of commercial security information management (SIM) tools are
available that pinpoint events, systems, or areas of concern, and
provide you with actionable data. But these tools often come with a
hefty price tag, just as shrinking and nearly nonexistent budgets are
leaving infosec pros looking for alternatives to expensive commercial
solutions. Fortunately, there are several free and low-cost solutions
to consider -- ranging from basic event correlation to more complex
suites that combine asset management, monitoring, and correlation.
SIM, which also comes in the form of security event management (SEM) and
security information and event management (SIEM), can keep track of the
systems on a network, vulnerability-scan data for those systems, and
events from an intrusion detection system (IDS) such as Snort.
So if a Conficker-infected host gets introduced into the network, the
SIM could correlate the IDS events with identified vulnerabilities, and
point first responders to the systems that are most likely to be
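As an added illustration (not code from the article or from any of the products it names), here is a small Python correlation pass of the kind described above: it joins constructed Snort-style IDS alert lines with constructed vulnerability-scan results and ranks the targeted hosts for responders. The signature IDs, addresses and the signature-to-bulletin mapping are assumptions made for the example.

```python
"""Added example: correlate IDS alerts with vulnerability-scan data the way
the article describes a SIM doing, so responders see likely-compromised
hosts first. All input data below is constructed for this example."""
import re
from collections import defaultdict

# Constructed Snort "alert_fast"-style lines; the signature IDs (9000001,
# 9000002), message text and addresses are made up.
IDS_ALERTS = """\
06/12-10:01:02.000 [**] [1:9000001:1] SAMPLE NETBIOS SMB RPC exploit attempt [**] [Priority: 1] {TCP} 10.0.0.5:4455 -> 10.0.0.20:445
06/12-10:01:05.000 [**] [1:9000001:1] SAMPLE NETBIOS SMB RPC exploit attempt [**] [Priority: 1] {TCP} 10.0.0.5:4456 -> 10.0.0.21:445
06/12-10:01:09.000 [**] [1:9000002:1] SAMPLE ICMP PING sweep [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.22
"""

# Constructed scanner output: host -> unpatched issues found on it.
# MS08-067 is the SMB flaw Conficker exploited; which hosts carry it is assumed.
VULN_SCAN = {"10.0.0.20": {"MS08-067"}, "10.0.0.21": set(), "10.0.0.22": {"MS08-067"}}

# Analyst-maintained map from IDS signature ID to the vulnerability it targets;
# this mapping is what lets the SIM join the two data sources (assumed values).
SIG_TO_VULN = {"9000001": "MS08-067"}

ALERT_RE = re.compile(r"\[1:(\d+):\d+\] (.*?) \[\*\*\] (?:\[Classification: [^\]]*\] )?"
                      r"\[Priority: (\d)\] \{\w+\} \S+ -> ([\d.]+)")

def parse_alerts(text):
    """Yield (sid, msg, priority, dst_ip) for each parsable alert line."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), m.group(4)

def correlate(alert_text, scan, sig_map):
    """Score each targeted host. An alert whose signature matches a vulnerability
    the scanner found on that host is a likely compromise and outranks alerts
    against hosts that are not vulnerable to what was attempted."""
    scores, reasons = defaultdict(int), defaultdict(list)
    for sid, msg, prio, dst in parse_alerts(alert_text):
        vuln = sig_map.get(sid)
        if vuln and vuln in scan.get(dst, set()):
            scores[dst] += 10                 # exploit attempt against an unpatched host
            reasons[dst].append(f"{msg} matches unpatched {vuln}")
        else:
            scores[dst] += 4 - prio           # Snort priority 1 is most severe
            reasons[dst].append(f"{msg} (no matching vulnerability)")
    ranked = sorted(scores, key=scores.get, reverse=True)
    return [(h, scores[h], reasons[h]) for h in ranked]

if __name__ == "__main__":
    for host, score, why in correlate(IDS_ALERTS, VULN_SCAN, SIG_TO_VULN):
        print(f"{host:<12} score={score:<3} {'; '.join(why)}")
```

In this sample the host that was both attacked and unpatched (10.0.0.20) is ranked first, the patched host that saw the same alert drops to a low score, and the ping sweep against an unpatched host scores lowest because no exploit was attempted.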
Keep in mind, free SIM options still require time to learn, configure,
and tune. The same holds true for commercial solutions, but the current
free and open source solutions suffer from a lack of documentation,
making the initial setup and configuration a much more difficult
process. However, several of the free solutions -- such as OSSIM and
Prelude -- are backed by companies that can be contracted for support.