Essential Guide

How to define SIEM strategy, management and success in the enterprise

A comprehensive collection of articles, videos and more, hand-picked by our editors
Q

Should IDS and SIM/SEM/SIEM be used for network intrusion monitoring?

Is it enough just to monitor log data, or does that data need to be fed into a SIM/SEM/SIEM product in order to ease the data analysis process? Network security expert Mike Chapple weighs in.

Is it enough just to analyze log data, or it is necessary (or beneficial) to have IDS feed to SIM/SEM as well? Will correlated logs provide me with enough information to pinpoint a security issue or will signature-based IDS provide me with an additional view, which cannot be determined just with logs?

Generally speaking, a SIM/SEM/SIEM network intrusion monitoring system is an enhancement to an existing IDS. It will store and further process the logs generated by the IDS and allow you to correlate IDS entries with other security events, such as vulnerabilities detected by a network scanner. The use of a SIM/SEM/SIEM can greatly reduce the amount of time spent reviewing log records by automating the task.

That said, SIM/SEM/SIEM devices are expensive. If you don't have the budget to purchase a good SIM/SEM/SIEM, you're probably better off doing network intrusion monitoring yourself than installing a marginal quality SIM/SEM/SIEM. Less sophisticated systems integrate with fewer of your security devices, require more extensive configuration and maintenance and will probably increase the total cost of ownership.

You shouldn't lose any data between your IDS and your SIM, but it's always a good idea to monitor log data and keep IDS logs as a backup in the event the SIM malfunctions or becomes unavailable.

For more information:

This was first published in April 2009

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

How to define SIEM strategy, management and success in the enterprise

GUIDE SECTIONS

  1. Strategy
  2. Operations
  3. The future

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close