Essential Guide

Browse Sections

BACKGROUND IMAGE: iSTOCK/GETTY IMAGES

This content is part of the Essential Guide: How to define SIEM strategy, management and success in the enterprise

Problem solve

Should IDS and SIM/SEM/SIEM be used for network intrusion monitoring?

Is it enough just to monitor log data, or does that data need to be fed into a SIM/SEM/SIEM product in order to ease the data analysis process? Network security expert Mike Chapple weighs in.

Mike Chapple, University of Notre Dame

Is it enough just to analyze log data, or it is necessary (or beneficial) to have IDS feed to SIM/SEM as well? Will correlated logs provide me with enough information to pinpoint a security issue or will signature-based IDS provide me with an additional view, which cannot be determined just with logs?

Generally speaking, a SIM/SEM/SIEM network intrusion monitoring system is an enhancement to an existing IDS. It...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

will store and further process the logs generated by the IDS and allow you to correlate IDS entries with other security events, such as vulnerabilities detected by a network scanner. The use of a SIM/SEM/SIEM can greatly reduce the amount of time spent reviewing log records by automating the task.

That said, SIM/SEM/SIEM devices are expensive. If you don't have the budget to purchase a good SIM/SEM/SIEM, you're probably better off doing network intrusion monitoring yourself than installing a marginal quality SIM/SEM/SIEM. Less sophisticated systems integrate with fewer of your security devices, require more extensive configuration and maintenance and will probably increase the total cost of ownership.

You shouldn't lose any data between your IDS and your SIM, but it's always a good idea to monitor log data and keep IDS logs as a backup in the event the SIM malfunctions or becomes unavailable.

For more information:

Learn how to mine enterprise SIM logs for relevant security event data.
Don't have a SIM? Find out how to check for attack data on network logs without SIMs

This was last published in April 2009

Dig Deeper on SIEM, log management and big data security analytics

security information and event management (SIEM) Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of organization’s information technology (IT) security.

Security information management systems aspire to real-time security Today’s security information management systems (SIM) are excellent forensics tools, but they haven’t yet achieved status as effective real-time security tools.

SIEM technology primer: SIEM platforms have improved significantly After a rocky start with early SIEM technologies, current offerings are easier to use and provide more reliable automated responses.

Next generation SIEM could boost network visibility, but platforms must scale, experts say Can security information and event management systems be the foundation for comprehensive IT data analytics? Powerful correlation engines and sharper analytical capabilities are forthcoming, analysts say.

Security information and event management (SIEM) systems streamline compliance SIEM systems can be an extremely useful tool to any IT department, not just those needing to adhere to compliance requirements. This tip offers an introduction on how SIEM systems work to improve overall security posture, while also addressing compliance processes.

Tripwire enters tumultuous SIEM market With companies driven to SIEM by PCI and other compliance projects, Tripwire is the latest vendor to emerge. Analysts like SIEM technology, but predict vendor consolidation ahead.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Essential Guide

Should IDS and SIM/SEM/SIEM be used for network intrusion monitoring?

Is it enough just to monitor log data, or does that data need to be fed into a SIM/SEM/SIEM product in order to ease the data analysis process? Network security expert Mike Chapple weighs in.

Dig Deeper on SIEM, log management and big data security analytics

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchCIO

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

SearchEnterpriseDesktop

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

ComputerWeekly.com

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

Dig Deeper on SIEM, log management and big data security analytics

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.