http://darkreading.com/security/management/showArticle.jhtml?articleID=217800973

By John Sawyer
DarkReading
June 12, 2009

A Special Analysis for Dark Reading

Information overload is one of the information security professional's biggest enemies: sorting through event data, making sense of it, and acting on it in a timely manner is crucial, and without proper tools to manage that information you can be left floundering in mountains of data, unable to protect your sensitive IT resources.

A slew of commercial security information management (SIM) tools are available that pinpoint events, systems, or areas of concern and provide you with actionable data. But these tools often come with a hefty price tag, just as shrinking and nearly nonexistent budgets are leaving infosec pros looking for alternatives to expensive commercial solutions. Fortunately, there are several free and low-cost solutions to consider, ranging from basic event correlation to combined asset management, monitoring, and event correlation.

SIM, which also goes by security event management (SEM) and security information and event management (SIEM), can keep track of the systems on a network, the vulnerability-scan data for those systems, and the events from an intrusion detection system (IDS) such as Snort. So if a Conficker-infected host is introduced into the network, the SIM can correlate the IDS events with the vulnerabilities identified on the targeted systems and point first responders to the systems most likely to be infected.

Keep in mind that free SIM options still require time to learn, configure, and tune. The same holds true for commercial solutions, but the current free and open source solutions suffer from a lack of documentation, which makes initial setup and configuration considerably more difficult. However, several of the free solutions -- such as OSSIM and Prelude -- are backed by companies that can be contracted for support.

[...]
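The correlation the article describes, IDS alerts joined against vulnerability-scan data so that responders see the hosts most at risk first, reduces to a small amount of logic. The following is an added example written for this post, not code from the article or from OSSIM or Prelude. The Snort fast-format alert lines, the scan results, and the SID-to-CVE table are all constructed sample data; the rule SIDs 1000001 and 1000002 are hypothetical local rule IDs, and the weighting (Snort priority, tripled when the scanner confirms the matching flaw is open on the target) is this example's own choice. CVE-2008-4250 is the MS08-067 Server service flaw that Conficker exploited.

```python
import re
from collections import defaultdict

# Constructed sample input (not from the article): four Snort "fast"-format
# alert lines. SIDs 1000001/1000002 are hypothetical local rule IDs.
SNORT_ALERTS = """\
06/12-10:01:02.123456 [**] [1:1000001:1] NETBIOS SMB-DS srvsvc NetrPathCanonicalize overflow attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.23:4455 -> 10.0.0.50:445
06/12-10:01:03.223456 [**] [1:1000001:1] NETBIOS SMB-DS srvsvc NetrPathCanonicalize overflow attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.23:4456 -> 10.0.0.51:445
06/12-10:01:04.323456 [**] [1:1000001:1] NETBIOS SMB-DS srvsvc NetrPathCanonicalize overflow attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.23:4457 -> 10.0.0.52:445
06/12-10:05:00.000000 [**] [1:1000002:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 3] {ICMP} 10.0.0.99 -> 10.0.0.50
"""

# Constructed vulnerability-scan results: host -> set of open findings.
# CVE-2008-4250 is the MS08-067 Server service flaw Conficker exploits.
SCAN_RESULTS = {
    "10.0.0.50": {"CVE-2008-4250"},   # unpatched
    "10.0.0.51": set(),               # patched: the alert alone is weak evidence
    "10.0.0.52": {"CVE-2008-4250"},   # unpatched
}

# Hypothetical mapping from local rule SID to the CVE whose exploitation it detects.
SID_TO_CVE = {"1000001": "CVE-2008-4250"}

# Snort fast-alert layout: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, src[:port] -> dst[:port].
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alerts(text):
    """Parse Snort fast-alert lines; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alerts.append(m.groupdict())
    return alerts


def rank_targets(alerts, scan_results, sid_to_cve):
    """Score each alert destination. An alert whose SID maps to a CVE the
    scanner found open on that host counts three times as much, so confirmed
    exposures sort above noise from patched hosts."""
    hosts = defaultdict(lambda: {"score": 0, "alerts": 0, "confirmed": set()})
    for a in alerts:
        weight = 4 - int(a["prio"])      # Snort priority 1 is the most severe
        cve = sid_to_cve.get(a["sid"])
        entry = hosts[a["dst"]]
        entry["alerts"] += 1
        if cve and cve in scan_results.get(a["dst"], set()):
            weight *= 3
            entry["confirmed"].add(cve)
        entry["score"] += weight
    return sorted(hosts.items(), key=lambda kv: (-kv[1]["score"], kv[0]))


def probable_spreaders(alerts, sid_to_cve, min_targets=2):
    """Sources firing exploit alerts at several distinct hosts are the ones
    most likely already infected: a worm scans and attacks its neighbours."""
    targets = defaultdict(set)
    for a in alerts:
        if a["sid"] in sid_to_cve:
            targets[a["src"]].add(a["dst"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    parsed = parse_alerts(SNORT_ALERTS)
    for host, info in rank_targets(parsed, SCAN_RESULTS, SID_TO_CVE):
        print(f"{host:12} score={info['score']:3} alerts={info['alerts']} "
              f"confirmed={sorted(info['confirmed'])}")
    print("probable spreaders:", probable_spreaders(parsed, SID_TO_CVE))
```

Run against the constructed data, 10.0.0.50 and 10.0.0.52 rank first because the scanner already showed MS08-067 open on them, 10.0.0.51 drops to the bottom despite an identical alert, and 10.0.0.23 is flagged as the host doing the spreading. In a real deployment the SID-to-CVE table comes from the ruleset's reference metadata and the scan results from the asset database, and both go stale quickly, which is exactly the tuning effort the article warns about.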
_____________________________________________
Visit the InfoSec News security bookstore!
http://www.shopinfosecnews.org

Received on Mon Jun 15 2009 - 01:09:04 PDT
This archive was generated by hypermail 2.2.0 : Mon Jun 15 2009 - 01:23:32 PDT