SIMs
Security information and event management systems
[GOLD]
Symantec Security Information Manager
Symantec
Readers awarded Symantec's Security Information Manager the gold medal in the security information and event management category, giving it high marks in event correlation, archiving and ease of deployment.
The Windows-based appliance collects and manages event data using sensors that are deployed on targeted systems.
The product also aids in responding to security threats by applying risk analysis metrics to the collected data.
It then prioritizes a threat list based on the organization's specific configurations, patch levels and known vulnerabilities tracked by Symantec through its Global Intelligence Network.
Built-in ticketing and workflow features also help document the response process to quickly remediate threats once they are identified.
Symantec says the tool can help organizations comply with PCI, Sarbanes-Oxley and other regulations using a log storage feature that doesn't need a major investment in hardware or storage. It captures both normalized data and raw event information and allows users to review, conduct analysis and build reports based on the data.
NOTABLE: Symantec has recently added anomaly detection, logical grouping and enhanced archiving to this product.
[SILVER]
ArcSight Enterprise Security Manager
ArcSight
Readers gave high ratings to the event correlation features of ArcSight's Enterprise Security Manager and to its ability to map information to an organization's unique set of policies and compliance regulations.
ESM works in conjunction with ArcSight Logger, which collects and normalizes event data and reports on security events based on rules created by the user. The tool is agentless, and uses event source connectors to collect the log data.
The data collected is compressed and stored in a proprietary file-based repository; it can store both normalized and raw event data, according to ArcSight.
The ESM takes the logging data, analyzes it and displays events on the ArcSight console, triggering alerts. ArcSight said its ESM tool also integrates with custom data sources, including homegrown applications and physical security systems.
ESM's correlation capabilities can discern events connected to a specific individual and that user's business role and organizational membership. It can associate any IP address-based events with events from the enterprise's physical infrastructure.
NOTABLE: ArcSight held its IPO in February and raised $50 million. Shares were priced at the low end of the projected $9-$11 range.