If you're an IT security practitioner, a phalanx of intricately aligned defense mechanisms is at your disposal. Your perimeter defense strategy comprises firewalls, routers and intrusion-detection systems. You're running intrusion-prevention software on key machines, with host-based intrusion-detection systems watching their backs. You're inspecting your logs, monitoring key files, unifying your authentication efforts and encrypting key data components. To top it off, your automated vulnerability-assessment scanners help your administrators keep up with the required patching efforts.

An emerging field, SIM (security information management), helps keep security teams sane by empowering their operators and helping them identify the higher-risk security events. By combining data aggregation with correlation technologies, SIM products attempt to harness the power of security data and answer a very important question for security personnel: Where should I be focusing my attention? Data-correlation techniques can do this by answering specific questions such as "Have I seen this attacker's IP address before?", "Where have I seen it before?" and "How many times have I seen it before?" Some products, such as Intellitactics' Network Security Manager (NSM), even let operators classify system values, giving security teams the ability to visually discern high-impact attacks against more critical systems.
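The paragraph above describes the two things a SIM does with raw events: aggregate them from several sensors, then correlate by a key (here the source IP) so an operator can ask "seen before? where? how often?" and rank hits by how valuable the target is. The following Python is an added illustration of that idea, not code from the article or from any SIM product; the log lines, the sensor names and the per-host criticality table are all constructed for the example.

```python
"""Toy SIM-style correlator: aggregate events from several sensors, then
answer "have I seen this source IP before, where, and how many times",
and weight the answer by operator-assigned asset value.

Everything here (event format, sensor names, hosts, IPs, scores) is a
constructed example, not a real product's data model.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events in a flat normalized form:
#   <timestamp> <sensor> <src_ip> <dst_host> <message>
SAMPLE_EVENTS = [
    "2004-03-01T08:01:12 firewall 198.51.100.7 web01 DENY tcp/445",
    "2004-03-01T08:01:15 nids 198.51.100.7 web01 SMB probe",
    "2004-03-01T08:03:40 hids 203.0.113.9 db01 failed login root",
    "2004-03-01T08:03:41 hids 203.0.113.9 db01 failed login root",
    "2004-03-01T08:03:42 hids 203.0.113.9 db01 failed login root",
    "2004-03-01T08:10:05 firewall 198.51.100.7 mail01 DENY tcp/25",
    "2004-03-01T08:12:00 nids 192.0.2.44 web01 HTTP scan",
]

# Operator-assigned "system value" per host (assumed scale 1..5; hosts not
# listed default to 1). This is what lets an attack on db01 outrank an
# equally noisy one against a throwaway box.
ASSET_VALUE = {"db01": 5, "web01": 3, "mail01": 2}


@dataclass
class Event:
    ts: str
    sensor: str
    src_ip: str
    dst_host: str
    message: str


def parse_event(line: str) -> Event:
    """Split a normalized line into its five fields; the message keeps its spaces."""
    ts, sensor, src_ip, dst_host, message = line.split(" ", 4)
    return Event(ts, sensor, src_ip, dst_host, message)


class Correlator:
    """Aggregates events and indexes them by source IP for correlation queries."""

    def __init__(self, asset_value: dict):
        self.asset_value = asset_value
        self.by_ip: dict = defaultdict(list)

    def ingest(self, line: str) -> Event:
        ev = parse_event(line)
        self.by_ip[ev.src_ip].append(ev)
        return ev

    # "Have I seen this attacker's IP address before?"
    def seen_before(self, ip: str) -> bool:
        return ip in self.by_ip

    # "Where have I seen it before?"  -> sorted list of targeted hosts
    def where_seen(self, ip: str) -> list:
        return sorted({ev.dst_host for ev in self.by_ip.get(ip, [])})

    # Which sensors reported it (aggregation across firewall/NIDS/HIDS).
    def reported_by(self, ip: str) -> list:
        return sorted({ev.sensor for ev in self.by_ip.get(ip, [])})

    # "How many times have I seen it before?"
    def times_seen(self, ip: str) -> int:
        return len(self.by_ip.get(ip, []))

    # Risk = sum over events of the value of the host each event targeted.
    def risk_score(self, ip: str) -> int:
        return sum(self.asset_value.get(ev.dst_host, 1) for ev in self.by_ip.get(ip, []))

    # Where should the operator look first? Highest risk score first.
    def prioritized(self) -> list:
        return sorted(self.by_ip, key=self.risk_score, reverse=True)


def build_correlator(lines=SAMPLE_EVENTS, asset_value=ASSET_VALUE) -> Correlator:
    c = Correlator(asset_value)
    for line in lines:
        c.ingest(line)
    return c


if __name__ == "__main__":
    c = build_correlator()
    for ip in c.prioritized():
        print(f"{ip:14} hits={c.times_seen(ip)} risk={c.risk_score(ip)} "
              f"hosts={c.where_seen(ip)} sensors={c.reported_by(ip)}")
```

Note that the three HIDS events against db01 outrank the four-event scan from 198.51.100.7 purely because of the asset weighting; without the criticality table, a count-only correlator would put the noisier source first, which is the misprioritization the "system value" classification is meant to avoid.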

The link for this article located at Network Computing is no longer available.