Connect the Dots
An emerging field, SIM (security information management), helps keep security teams sane by empowering their operators and helping identify some of those higher-risk security events. By combining data aggregation with correlation technologies, SIM products attempt to harness the power of security data and provide the answer to a very important question for security personnel: Where should I be focusing my attention? Data-correlation techniques can do this by answering specific questions like "Have I seen this attacker's IP address before?", "Where have I seen it before?" and "How many times have I seen it before?" Some products, such as Intellitactics' Network Security Manager (NSM), even let operators classify system values, giving security teams the ability to visually discern high-impact attacks against more critical systems.
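The correlation questions above, worked through as an added example (not code from the article or from any SIM product): events from several sensors are indexed by source IP, then ranked by the value of the most critical system each source touched. The event fields, the 1-5 value scale and the ranking rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events, already normalized from three sensors (not real data).
EVENTS = [
    {"sensor": "firewall", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "port-scan"},
    {"sensor": "ids", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "sql-injection"},
    {"sensor": "web", "src": "203.0.113.7", "dst": "10.0.0.20", "sig": "auth-failure"},
    {"sensor": "ids", "src": "198.51.100.9", "dst": "10.0.0.20", "sig": "port-scan"},
    {"sensor": "firewall", "src": "198.51.100.9", "dst": "10.0.0.20", "sig": "port-scan"},
    {"sensor": "firewall", "src": "192.0.2.44", "dst": "10.0.0.5", "sig": "port-scan"},
]

# Operator-assigned system values (assumed 1-5 scale; higher means more critical).
ASSET_VALUE = {"10.0.0.5": 5, "10.0.0.20": 2}
DEFAULT_VALUE = 1  # assumed value for systems nobody has classified

def correlate(events):
    """Index events by source IP: how many, from which sensors, against which targets."""
    index = defaultdict(lambda: {"count": 0, "sensors": set(), "targets": set()})
    for ev in events:
        entry = index[ev["src"]]
        entry["count"] += 1
        entry["sensors"].add(ev["sensor"])
        entry["targets"].add(ev["dst"])
    return dict(index)

def seen_before(index, ip):
    """Answer the three questions for one IP: seen? where? how many times?"""
    entry = index.get(ip)
    if entry is None:
        return {"seen": False, "where": [], "count": 0}
    return {"seen": True, "where": sorted(entry["sensors"]), "count": entry["count"]}

def prioritize(index, asset_value=ASSET_VALUE):
    """Rank sources by most critical system touched, then sensor spread, then count."""
    def score(item):
        _, e = item
        top = max(asset_value.get(t, DEFAULT_VALUE) for t in e["targets"])
        return (top, len(e["sensors"]), e["count"])
    return [ip for ip, _ in sorted(index.items(), key=score, reverse=True)]

if __name__ == "__main__":
    idx = correlate(EVENTS)
    for ip in prioritize(idx):
        print(ip, seen_before(idx, ip))
```

In the constructed data, a source with a single event against the value-5 system ranks above a source with two events against the value-2 system, which is the effect of classifying system values.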
The link to this article at Network Computing is no longer available.