Integrating SEM (security event management) technology with existing security and system management infrastructure can be a hair-raising experience. Security point products such as IDSes, anti-virus gateways, and vulnerability scanners tend to use proprietary formats for reporting, recording network events, and issuing alerts. And the standard formats that do exist -- such as SNMP and syslog files -- are limited in what they can convey.

Today, SEM vendors get around the limitations by relying on custom plug-ins or software agents for each security or system management product they want to interact with. For example, Computer Associates has more than 100 integration kits that allow its eTrust Security Command Center to digest data from third-party security software. Most vendors also offer tools or services to integrate information from unsupported products or custom software applications.

To simplify integration and management, universally accepted standards are required so that network end points, security products, and system management platforms can speak a common language. "An event's not meaningful if we can't define it. We need a well-defined schema and standards so that any system can generate an auditable event, then have [another system] receive it, classify it, store it, and do analysis," says Arvind Krishna, vice president of security and provisioning development at IBM Tivoli.
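The "receive it, classify it" step Krishna describes is, in practice, a normalization layer: every proprietary or semi-standard input is parsed into one common event schema before anything downstream sees it. The following is an added example, not code from the article or from any vendor it names. It takes two constructed inputs, a BSD-style syslog line and a hypothetical pipe-delimited IDS alert format, maps both onto an assumed common schema (timestamp, source, host, severity, category, message) with a shared severity scale, and keeps unrecognized lines as explicitly "unparsed" records rather than dropping them. The schema, the IDS format, the severity mappings and the classification rules are all assumptions made for the example.

```python
"""Normalize heterogeneous security events into one common schema.

Added example (not from the article): constructed syslog and vendor-IDS
lines are parsed into a single record shape so one pipeline can classify,
store and analyse events regardless of which product emitted them.
"""
import re
from datetime import datetime, timezone

# Assumed common schema; every parser below must fill exactly these keys.
FIELDS = ("timestamp", "source", "host", "severity", "category", "message")

# RFC 3164 PRI = facility*8 + severity; map the 0-7 severity onto one scale.
SYSLOG_SEVERITY = {0: "critical", 1: "critical", 2: "critical", 3: "high",
                   4: "medium", 5: "low", 6: "info", 7: "info"}

# Hypothetical vendor IDS priorities (1 = most urgent) on the same scale.
IDS_PRIORITY = {"1": "high", "2": "medium", "3": "low"}

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[\w/.-]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Classification rules (assumed); first match wins, else "other".
CATEGORY_RULES = (
    ("authentication", re.compile(r"\b(failed password|authentication failure|login)\b", re.I)),
    ("recon", re.compile(r"\b(scan|probe|sweep)\b", re.I)),
    ("malware", re.compile(r"\b(virus|trojan|malware)\b", re.I)),
)


def classify(text):
    """Assign a coarse category from the free-text part of an event."""
    for name, pattern in CATEGORY_RULES:
        if pattern.search(text):
            return name
    return "other"


def parse_syslog(line, year=2024):
    """Parse a BSD syslog line; returns None if the line is not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    # BSD syslog timestamps carry no year or zone; both are assumed here.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "source": "syslog",
        "host": m.group("host"),
        "severity": SYSLOG_SEVERITY[pri % 8],
        "category": classify(m.group("msg")),
        "message": m.group("msg"),
    }


def parse_vendor_ids(line):
    """Parse the constructed 'IDS|ts|sensor|prio|signature|src|dst' format."""
    parts = line.split("|")
    if len(parts) != 7 or parts[0] != "IDS":
        return None
    _, ts, sensor, prio, sig, src, dst = parts
    # Normalize the vendor's 'Z' suffix to the same ISO form syslog produces.
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {
        "timestamp": when.isoformat(),
        "source": "vendor-ids",
        "host": sensor,
        "severity": IDS_PRIORITY.get(prio, "info"),
        "category": classify(sig),
        "message": f"{sig} {src} -> {dst}",
    }


PARSERS = (parse_syslog, parse_vendor_ids)


def normalize(line):
    """Try each parser; unrecognized input is kept, flagged, never dropped."""
    for parser in PARSERS:
        event = parser(line)
        if event is not None:
            assert tuple(event) == FIELDS, "parser violated the common schema"
            return event
    return {"timestamp": None, "source": "unknown", "host": None,
            "severity": "info", "category": "unparsed", "message": line}


def normalize_all(lines):
    """Normalize a batch of raw lines from mixed sources."""
    return [normalize(line) for line in lines]


# Constructed sample input: one syslog line, one vendor IDS line, one unknown.
SAMPLE_LINES = [
    "<36>Mar 12 10:14:07 bastion sshd[4412]: Failed password for invalid user "
    "admin from 198.51.100.23 port 52214 ssh2",
    "IDS|2024-03-12T10:15:00Z|sensor1|2|ET SCAN Nmap Scripting Engine User-Agent"
    "|10.0.0.5|10.0.0.7",
    "some-appliance: unrecognized free-form text",
]

if __name__ == "__main__":
    for event in normalize_all(SAMPLE_LINES):
        print(event)
```

Each parser is forced to emit exactly the schema's keys, so a new integration plug-in that forgets a field fails loudly at normalization time rather than producing half-populated records downstream; the "unparsed" fallback keeps the audit trail complete while making gaps in parser coverage visible in the category counts.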

The link for this article located at infoworld.com is no longer available.