Feature

SIMs maturing and suitable for mid-market

This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."

Stronger Rule Technology
The heart of most SIMs is a set of business rules that help tune the correlation engine and identify what log data, events and security problems are worthy of alerts or active responses. In our 2004 testing, we found that most products had a small set of rules that were inadequate starting points.

In that test, SIM vendor OpenService stood apart with a rule-free approach to correlation, and it hasn't changed that approach. No one else has entered that lonely niche. Instead, the opposite seems to be true: SIM vendors, particularly those supplying mid-range appliances, have responded with much stronger out-of-the-box business rules, aimed at speeding deployment and sharing the considerable expertise they've gained in what works in a SIM.

For example, High Tower ships its SEM appliance with a set of 65 "mega-rules" that catch everything from unauthorized MySpace.com visits to successful brute-force logins.
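A correlation rule for the "successful brute-force login" case mentioned above, as an added example (not code from the article or from any vendor's product). The log format, field names, threshold and time window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from a real system).
SAMPLE_LOG = """\
2007-06-01T10:00:00 src=10.0.0.5 user=admin result=FAIL
2007-06-01T10:00:10 src=10.0.0.5 user=admin result=FAIL
2007-06-01T10:00:20 src=10.0.0.5 user=admin result=FAIL
2007-06-01T10:00:30 src=10.0.0.5 user=admin result=FAIL
2007-06-01T10:00:40 src=10.0.0.5 user=admin result=FAIL
2007-06-01T10:00:50 src=10.0.0.5 user=admin result=OK
2007-06-01T10:01:00 src=10.0.0.9 user=alice result=FAIL
2007-06-01T10:01:05 src=10.0.0.9 user=alice result=OK
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict (assumed format)."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["time"] = datetime.fromisoformat(ts)
    return event

def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """Alert when a successful login follows at least `threshold` failures
    from the same source against the same account inside `window`."""
    failures = defaultdict(deque)  # (src, user) -> recent failure times
    alerts = []
    for event in map(parse, filter(str.strip, lines)):
        key = (event["src"], event["user"])
        recent = failures[key]
        # Drop failures that have aged out of the sliding window.
        while recent and event["time"] - recent[0] > window:
            recent.popleft()
        if event["result"] == "FAIL":
            recent.append(event["time"])
        elif event["result"] == "OK":
            if len(recent) >= threshold:
                alerts.append({"src": key[0], "user": key[1],
                               "failures": len(recent), "time": event["time"]})
            recent.clear()  # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print("ALERT brute-force success:", alert)
```

The single mistyped password for `alice` stays below the threshold, which is the tuning trade-off such rules carry: a lower threshold or longer window catches slower guessing at the cost of more alerts on ordinary typos.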

Vendors are also enhancing their tools for building rules. TriGeo, which ships its SIM with more than 500 starting-point rules, has an elegant rule definition tool that actively encourages the security manager to creatively add protections and alerts within the SIM, rather than making the definition of rules an onerous task. Although TriGeo outwardly aims at networks of 100 to 150 devices, the business rule features in its SIM are so well designed that they put this aspect of many other SIMs to shame.

This was first published in June 2007
