[ISN] Tech Insight: Free SIM Tools Save Money -- And Maybe Your Data

From: InfoSec News <alerts_at_private>
Date: Mon, 15 Jun 2009 03:09:04 -0500 (CDT)
http://darkreading.com/security/management/showArticle.jhtml?articleID=217800973

By John Sawyer
DarkReading
June 12, 2009

A Special Analysis for Dark Reading

Information overload is one of information security professionals' 
biggest enemies: The job of sorting through and making sense of event 
data, and then acting on it in a timely manner, is crucial. A lack of 
proper tools to manage that information can leave you floundering in 
mountains of data -- unable to protect your sensitive IT resources.

A slew of commercial security information management (SIM) tools are 
available that pinpoint events, systems, or areas of concern, and 
provide you with actionable data. But these tools often come with a 
hefty price tag, just as shrinking and nearly nonexistent budgets are 
leaving infosec pros looking for alternatives to expensive commercial 
solutions. Fortunately, there are several free and low-cost solutions -- 
ranging from basic event correlation to more complex combinations of 
asset management, monitoring, and correlation -- to consider.

SIM, which also comes in the form of security event management (SEM) and 
security information and event management (SIEM), can, for example, keep 
track of the systems on a network, the vulnerability-scan data for those 
systems, and the events from an intrusion detection system (IDS) like 
Snort. So if a Conficker-infected host gets introduced into the network, 
the SIM could correlate the IDS events with identified vulnerabilities 
and point first responders to the systems that are most likely to be 
infected.
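The correlation step described above, as an added example that is not code from the article or from any of the products it names: IDS alerts are parsed, each signature is mapped to the vulnerability it was written for, and hosts whose scan results show that vulnerability open are ranked first for responders. The alert format, the signature-to-vulnerability table and the scan findings are all constructed for the example, not real Snort or scanner output.

```python
"""Minimal SIM-style correlation of IDS alerts with vulnerability-scan data.
Added example, not code from the article or any product it names; the alert
lines, scan findings and signature references are all constructed."""
import re
from collections import defaultdict

# Constructed IDS alerts (simplified format, not real Snort output)
ALERTS = """\
2009-06-12 10:15:02 sid=2001 10.0.0.5:49152 -> 10.0.0.20:445
2009-06-12 10:15:03 sid=2001 10.0.0.5:49153 -> 10.0.0.21:445
2009-06-12 10:15:09 sid=3002 10.0.0.5:49154 -> 10.0.0.22:80
2009-06-12 10:16:11 sid=2001 10.0.0.5:49155 -> 10.0.0.23:445
2009-06-12 10:16:12 sid=3002 10.0.0.5:49156 -> 10.0.0.23:80
"""
# Constructed: signature id -> vulnerability id the rule is written for
SIG_REFS = {2001: "VULN-A", 3002: "VULN-B"}
# Constructed scan results: host -> unpatched findings (empty = clean)
SCAN = {
    "10.0.0.20": {"VULN-A"},
    "10.0.0.21": set(),
    "10.0.0.22": {"VULN-B"},
    "10.0.0.23": {"VULN-A", "VULN-B"},
}
ALERT_RE = re.compile(r"sid=(\d+) (\S+):\d+ -> (\S+):\d+")

def parse_alerts(text):
    """Yield (sid, src, dst) for each alert line that matches ALERT_RE."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)

def correlate(alerts, sig_refs, scan):
    """Score each targeted host: an alert whose referenced vulnerability is
    open on that host counts 3, any other alert 1 (noise, but not ignored).
    Returns [(host, score, matched_vulns)] sorted by score desc, then host."""
    score, matched = defaultdict(int), defaultdict(set)
    for sid, _src, dst in alerts:
        vuln = sig_refs.get(sid)
        if vuln and vuln in scan.get(dst, set()):
            score[dst] += 3
            matched[dst].add(vuln)
        else:
            score[dst] += 1
    return sorted(((h, score[h], sorted(matched[h])) for h in score),
                  key=lambda t: (-t[1], t[0]))
```

Calling `correlate(parse_alerts(ALERTS), SIG_REFS, SCAN)` puts the host with two matching open findings first and the host that was probed but scanned clean last.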

Keep in mind, free SIM options still require time to learn, configure, 
and tune. The same holds true for commercial solutions, but the current 
free and open source solutions suffer from a lack of documentation, 
making the initial setup and configuration a much more difficult 
process. However, several of the free solutions -- such as OSSIM and 
Prelude -- are backed by companies that can be contracted for support.

[...]

Received on Mon Jun 15 2009 - 01:09:04 PDT

This archive was generated by hypermail 2.2.0 : Mon Jun 15 2009 - 01:23:32 PDT