Abstract
Enormous volumes of logs are produced by network devices and systems such as IDS, firewalls, web servers, applications and databases, far more than can practically be monitored manually. A single firewall alone can produce over 1 gigabyte of log data in a single day, and an IDS can produce over 500,000 messages over the same period. What is worse, much of the information generated by these security systems is dominated by false positives (an indication of hostile activity when there is none). The challenge is to isolate and prioritize the few messages that do indeed indicate real security threats. This need to separate significant security incidents from the white noise of IDS, firewall (FW), OS, application (APPS) and anti-virus (AVS) messages is part of the larger economic reality requiring organizations to use their existing security resources more effectively. Automation of the security operations workload and prioritization of tasks in the operations center is critical.

This white paper discusses how event correlation works and how a SIM (security information management) system can fit into a corporate network to minimize the challenges faced by system administrators and security professionals. It also discusses ways to reduce the time spent analyzing the huge logs produced by various network devices.
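The following is an added example, not code from the white paper or from Wipro, of the kind of event correlation and prioritization the abstract describes. It parses constructed firewall and IDS log lines (the line formats, the 30-second correlation window, the scan threshold and the three priority levels are all assumptions made for this illustration) and reduces ten raw events to four rated incidents: an IDS alert whose flow the firewall permitted is rated HIGH, an alert the firewall blocked is rated LOW as probable noise, an alert with no firewall context stays MEDIUM for a human to check, and a burst of denies from one source to many hosts is collapsed into a single "blocked scan" incident.

```python
"""Correlate firewall and IDS events to rank the few real incidents (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample logs; the formats are invented for this example, not a real device's.
FW_LOG = """\
2004-03-01 10:00:01 fw1 DENY tcp 10.1.1.5 -> 192.168.0.10:445
2004-03-01 10:00:02 fw1 DENY tcp 10.1.1.5 -> 192.168.0.11:445
2004-03-01 10:00:03 fw1 DENY tcp 10.1.1.5 -> 192.168.0.12:445
2004-03-01 10:00:04 fw1 DENY tcp 10.1.1.5 -> 192.168.0.13:445
2004-03-01 10:00:05 fw1 DENY tcp 10.1.1.5 -> 192.168.0.14:445
2004-03-01 10:05:00 fw1 PERMIT tcp 172.16.4.9 -> 192.168.0.20:80
2004-03-01 10:07:30 fw1 DENY tcp 203.0.113.7 -> 192.168.0.20:80
"""
IDS_LOG = """\
2004-03-01 10:05:02 ids1 ALERT [1:1234] WEB-ATTACK cmd.exe access 172.16.4.9 -> 192.168.0.20:80
2004-03-01 10:07:31 ids1 ALERT [1:1234] WEB-ATTACK cmd.exe access 203.0.113.7 -> 192.168.0.20:80
2004-03-01 10:30:00 ids1 ALERT [1:2000] ICMP PING NMAP 10.9.9.9 -> 192.168.0.1
"""

@dataclass
class Event:
    ts: datetime
    device: str
    action: str            # PERMIT, DENY or ALERT
    src: str
    dst: str
    dport: Optional[int]   # None for protocols without a port (e.g. ICMP)
    msg: str = ""

@dataclass
class Incident:
    priority: str          # HIGH, MEDIUM or LOW
    src: str
    dst: str
    reason: str

FW_RE = re.compile(r"^(\S+ \S+) (\S+) (PERMIT|DENY) \S+ (\S+) -> (\S+?)(?::(\d+))?$")
IDS_RE = re.compile(r"^(\S+ \S+) (\S+) ALERT \[[^\]]+\] (.+?) (\S+) -> (\S+?)(?::(\d+))?$")

def parse(text: str) -> List[Event]:
    """Normalize both log formats into one Event stream, ordered by time."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, dev, action, src, dst, port = m.groups()
            events.append(Event(datetime.fromisoformat(ts), dev, action, src, dst,
                                int(port) if port else None))
            continue
        m = IDS_RE.match(line)
        if m:
            ts, dev, msg, src, dst, port = m.groups()
            events.append(Event(datetime.fromisoformat(ts), dev, "ALERT", src, dst,
                                int(port) if port else None, msg))
        # Lines matching neither format are dropped here; a real SIM would count them.
    return sorted(events, key=lambda e: e.ts)

PRIORITY = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}

def correlate(events: List[Event], window: timedelta = timedelta(seconds=30),
              scan_threshold: int = 5) -> List[Incident]:
    """Turn raw events into prioritized incidents; window and threshold are assumed values."""
    fw = [e for e in events if e.action in ("PERMIT", "DENY")]
    alerts = [e for e in events if e.action == "ALERT"]
    incidents: List[Incident] = []

    # Rule 1: rate each IDS alert by what the firewall did with the same flow nearby in time.
    for a in alerts:
        related = [f for f in fw if f.src == a.src and f.dst == a.dst
                   and abs(f.ts - a.ts) <= window]
        if any(f.action == "PERMIT" for f in related):
            incidents.append(Incident("HIGH", a.src, a.dst, f"{a.msg}: permitted by firewall"))
        elif related:
            incidents.append(Incident("LOW", a.src, a.dst, f"{a.msg}: blocked by firewall"))
        else:
            incidents.append(Incident("MEDIUM", a.src, a.dst, f"{a.msg}: no firewall context"))

    # Rule 2: many DENYs from one source to distinct hosts inside the window is a scan;
    # report it once per source instead of once per dropped packet.
    denies = defaultdict(list)
    for f in fw:
        if f.action == "DENY":
            denies[f.src].append(f)
    for src, evs in denies.items():
        for i, first in enumerate(evs):
            burst = [e for e in evs[i:] if e.ts - first.ts <= window]
            targets = {e.dst for e in burst}
            if len(targets) >= scan_threshold:
                incidents.append(Incident("MEDIUM", src, f"{len(targets)} hosts", "blocked scan"))
                break

    return sorted(incidents, key=lambda i: PRIORITY[i.priority], reverse=True)

if __name__ == "__main__":
    for inc in correlate(parse(FW_LOG + IDS_LOG)):
        print(inc.priority, inc.src, "->", inc.dst, inc.reason)
```

The point of the two rules is the one the abstract makes: the firewall log on its own is noise, the IDS log on its own is mostly false positives, but reading them together tells an analyst which alert actually reached its target and which burst of denies is one scan rather than five separate events. Tune the window and threshold to your own traffic; the values here are placeholders.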
Author
Debasis Mohanty
To know more about Wipro in e-Business, go to www.wipro.com/ebusiness