|
Innovative Analytics Tools
As multifunction systems, SIMs can help compliance officers, network managers and security analysts. However, while their traditional Web-based tools work well in the world of reporting, they may be limiting for a security analyst who wants to navigate and understand what the SIM has to say.
Particularly in areas where a SIM is tasked as an "IDS superconsole," additional visual analytics tools can be very helpful. This was evident in 2004 when testing High Tower's visualization tool. But visualizing security information is a difficult job to do well; High Tower put aside its visualization technology and chose instead to focus on correlation and analytics tools.
Sourcefire's Defense Center, a mini-SIM limited to intrusion detection and network discovery based on Sourcefire's own products, comes with a visualization tool that shows promise. Further along is NitroSecurity's advanced SIM console for security event visualization and analytics. Although Nitro-Security's console has limited usefulness when looking at non-IDS data, it's an outstanding example of what can be done with advanced GUI toolkits. NitroSecurity uses Flash for its snazzy visualizations, which allow the security analyst to easily navigate through streams of IDS alerts, summarize events and drill down into items of interest.
Security information has become critical to safe and reliable networking, so security managers can no longer afford piecemeal solutions to analyzing and integrating the fire hose of information. As the world of SIMs fills out to low-end and mid-range products, we are seeing significant innovation and welcome enhancements at all levels.
Far from the expensive and clumsy tools of the past, SIMs now deserve a place in every enterprise network.
|
