AOH :: ISNQ5092.HTM

Tech Insight: Free SIM Tools Save Money -- And Maybe Your Data




Tech Insight: Free SIM Tools Save Money -- And Maybe Your Data
Tech Insight: Free SIM Tools Save Money -- And Maybe Your Data



http://darkreading.com/security/management/showArticle.jhtml?articleID=217800973 

By John Sawyer
DarkReading
June 12, 2009

A Special Analysis for Dark Reading

Information overload is one of information security professionals' 
biggest enemies: The job of sorting through and making sense of event 
data, and then acting on it in a timely manner, is crucial. A lack of 
proper tools to manage that information can leave you floundering in 
mountains of data -- unable to protect your sensitive IT resources.

A slew of commercial security information management (SIM) tools are 
available that pinpoint events, systems, or areas of concern, and 
provide you with actionable data. But these tools often come with a 
hefty price tag, just as shrinking and nearly nonexistent budgets are 
leaving infosec pros looking for alternatives to expensive commercial 
solutions. Fortunately, there are several free and low-cost solutions -- 
from basic event correlation to complex asset management, monitoring, 
and event correlation -- to consider.

SIM, which also comes in the form of security event management (SEM) and 
security information and event management (SIEM), can keep track of 
systems on a network and vulnerability-scan data for those systems and 
events from an intrusion detection system (IDS) like Snort, for example. 
So if a Conficker-infected host gets introduced into the network, the 
SIM could correlate the IDS events with identified vulnerabilities, and 
point first responders to the systems that are most likely to be 
infected.

Keep in mind, free SIM options still require time to learn, configure, 
and tune. The same holds true for commercial solutions, but the current 
free and open source solutions suffer from a lack of documentation, 
making the initial setup and configuration a much more difficult 
process. However, several of the free solutions -- such as OSSIM and 
Prelude -- are backed by companies that can be contracted for support.

[...]


_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods