This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."
Innovative Analytics Tools
As multifunction systems, SIMs can help compliance officers, network managers and security analysts. However, while their traditional Web-based tools work well in the world of reporting, they may be limiting for a security analyst who wants to navigate and understand what the SIM has to say.
Particularly in areas where a SIM is tasked as an "IDS superconsole," additional visual analytics tools can be very helpful. This was evident in 2004 during testing of High Tower's visualization tool. But visualizing security information is a difficult job to do well; High Tower put aside its visualization technology and chose instead to focus on correlation and analytics tools.
Sourcefire's Defense Center, a mini-SIM limited to intrusion detection and network discovery based on Sourcefire's own products, comes with a visualization tool that shows promise. Further along is NitroSecurity's advanced SIM console for security event visualization and analytics. Although NitroSecurity's console has limited usefulness when looking at non-IDS data, it's an outstanding example of what can be done with advanced GUI toolkits. NitroSecurity uses Flash for its snazzy visualizations, which allow the security analyst to easily navigate through streams of IDS alerts, summarize events and drill down into items of interest.
Security information has become critical to safe and reliable networking, so security managers can no longer afford piecemeal
Far from the expensive and clumsy tools of the past, SIMs now deserve a place in every enterprise network.
This was first published in June 2007