Definition

security information management (SIM)

What is security information management (SIM)?

Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs. A security information management system (SIMS) automates that practice. Security information management is sometimes called security event management (SEM) or security information and event management (SIEM).

Security information includes log data generated from numerous sources, including antivirus software, intrusion-detection systems (IDS), intrusion-prevention systems (IPS), file systems, firewalls, routers, servers and switches.

Security information management systems may:

  • Monitor events in real time.
  • Display a real-time view of activity.
  • Translate event data from various sources into a common format, typically XML.
  • Aggregate data.
  • Correlate data from multiple sources.
  • Cross-correlate to help administrators distinguish real threats from false positives.
  • Provide automated incident response.
  • Send alerts and generate reports.
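As an added example (not code from this page or from any of the products it names), a minimal SIM pipeline in Python over constructed firewall and IDS log lines: it normalizes the two formats into one common schema, aggregates events per source address, and cross-correlates so that only an address seen misbehaving by both sources raises an alert. The log formats, field names and the deny threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real device): the firewall and the
# IDS each use their own format, which is what a SIM normalizes away.
FIREWALL_LOGS = [
    "2009-09-14T10:01:02 fw1 DENY TCP 203.0.113.7:51000 -> 192.0.2.10:22",
    "2009-09-14T10:01:05 fw1 DENY TCP 203.0.113.7:51001 -> 192.0.2.10:22",
    "2009-09-14T10:01:09 fw1 DENY TCP 203.0.113.7:51002 -> 192.0.2.10:22",
    "2009-09-14T10:02:00 fw1 DENY TCP 198.51.100.4:40000 -> 192.0.2.10:443",
]
IDS_LOGS = [
    "2009-09-14T10:01:10 ids1 ALERT sid=2001219 msg='SSH brute force' src=203.0.113.7 dst=192.0.2.10",
    "2009-09-14T10:03:00 ids1 ALERT sid=2001219 msg='SSH brute force' src=198.51.100.9 dst=192.0.2.11",
]

FW_RE = re.compile(r"^(\S+) (\S+) (\w+) \w+ ([\d.]+):\d+ -> ([\d.]+):\d+$")
IDS_RE = re.compile(r"^(\S+) (\S+) ALERT sid=\d+ msg='([^']*)' src=([\d.]+) dst=([\d.]+)$")

def normalize(line):
    """Translate a source-specific log line into the common event schema."""
    m = FW_RE.match(line)
    if m:
        ts, host, action, src, dst = m.groups()
        return {"ts": ts, "source": "firewall", "host": host, "kind": action.lower(), "src": src, "dst": dst}
    m = IDS_RE.match(line)
    if m:
        ts, host, msg, src, dst = m.groups()
        return {"ts": ts, "source": "ids", "host": host, "kind": "alert", "src": src, "dst": dst, "msg": msg}
    return None  # unparsable lines are dropped here; a real SIM would count them

def aggregate(events):
    """Aggregate: count events per (source, kind, source IP)."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["source"], e["kind"], e["src"])] += 1
    return counts

def correlate(events, deny_threshold=3):
    """Cross-correlate: alert only on an address both denied repeatedly by the
    firewall AND flagged by the IDS, so a lone signature hit or a few stray denies
    (likely false positives) do not page anyone."""
    counts = aggregate(events)
    noisy = {src for (source, kind, src), n in counts.items()
             if source == "firewall" and kind == "deny" and n >= deny_threshold}
    flagged = {e["src"] for e in events if e["source"] == "ids" and e["kind"] == "alert"}
    return sorted(noisy & flagged)

def run(lines):
    """Full pipeline: normalize every line, drop unparsable ones, correlate."""
    return correlate([e for e in map(normalize, lines) if e])
```

Running `run(FIREWALL_LOGS + IDS_LOGS)` yields only `['203.0.113.7']`: the single stray deny and the unrelated IDS hit are suppressed.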

Commercial SIM products include ArcSight ESM, nFX's SIM One, Network Intelligence's enVision, Prism Microsystems' EventTracker, Trigeo, Symantec's Security Information Manager, Cisco Security MARS and Snare. Open source SIM products include OSSIM, a product of the Open Source Security Information Management initiative, and Prelude, from PreludeIDS.

Although SIM products can automate many tasks around security information gathering and processing, they can't operate effectively without significant effort and investment on the part of the organization in question. According to Neil Roiter, Senior Technology Editor of Information Security magazine, "Security information and event management (SIEM) products are only as good as the policies and processes they support, and the analyst resources that a company can pour into them."

Learn More About IT:
> Adrian Lane explains mining enterprise SIM logs for relevant security event data.
> Network World Buyers Guide provides an overview of security information management and compares SIM products.
> Neil Roiter explains why security information management is not for small businesses -- or the faint of heart.

Related glossary terms: security event (security incident)
This was last updated in September 2009
Posted by: Margaret Rouse
