This article can also be found in the Premium Editorial Download "Information Security magazine: Keeping on top of risk management and data integrity essentials."
Download it now to read this article plus other related content.
|Spending Priorities by Budget|
Intelligent Risk Management
Beyond knowing who users are and what they're doing, enterprises are gaining a deeper appreciation for what's happening in their infrastructure and driving continued demand for security management products, such as SIM and ESM systems. Enterprises are looking for a deeper understanding of the threats and how they translate into risk, and how to reduce risk through technologies, processes and policies.
"We're not in a position to just jump into new technologies without understanding them first. To mitigate that risk, you must understand it and know how to control it," says Preston Wood, CISO of Zionsbancorporation, a multistate community banking system with 9,000 employees and $30 billion in deposits.
"Before we deploy any control to mitigate a risk, we need to completely understand the risk and the threat. There are various ways to do that: monitoring, profiling, metrics and due diligence," he says. "A lot of the value added is in the control process. We now have a good understanding of what we're going to accomplish and how we're going to provide value to the organization."
SIM and ESM products both enjoy strong adoption rates. SIMs are currently deployed in 30 percent of surveyed enterprises, while ESMs are in 25 percent. Deployment of SIM and ESM technologies is estimated to grow 33 percent and 23 percent, respectively, over the next 12 to 18 months.
Vendors are transforming these products from aggregators of IDS event logs into real-time event correlation and monitoring tools, thereby giving enterprises deeper insight into what's crossing from the network to the application layer. The products are able to slice and dice the data for everything from regulatory compliance to detecting rogue processes and applications.
Auditing applications are essential for regulatory compliance, but adoption of this technology set is slowing. Slightly more than 50 percent of the surveyed enterprises have auditing applications in use, while 18 percent plan to deploy them before the end of this year; 7 percent plan to have auditing apps in place within 18 months.
Marrying technologies and processes is a key component of any risk compliance program. Enterprises are looking for products that give them actionable information that they can use to make adjustments in their security management and compliance efforts.
Zions uses customized information-gathering tools to assess its security posture and make adjustments. It's the process that keeps the bank in compliance with SOX and GLBA, not the technology.
"We don't want to be in a position where every regulation is a fire drill," Wood says. "We need to be in a position where it's process-based."
This was first published in April 2005