Understanding event correlation and the need for security information management
Abstract
Enormous logs are produced by various network devices like IDS or Firewall, Webserver, applications and databases which is practically impossible to monitor manually. A single firewall alone can produce over 1 gigabyte of log data in a single day and IDS can produce over 500,000 messages over the same period. What’s worse – much of the information generated by these security systems is dominated by false positives (an indication of hostile activity when there is none). The challenge is to isolate and prioritize the few messages that do indeed indicate real security threats. This need to isolate significant security incidents from the white noise of IDS, FW, OS, APPS, and AVS messages is part of the larger economic reality requiring organizations to utilize their existing security resources more effectively. Automation of the security operations workload and prioritization of tasks in the operations center is critical.
This white paper discusses how event correlation works and how a SIM (security information management) can fit into a corporate network to minimize the challenges faced by the system administrators or security professionals. Also, it discusses ways to reduce the time spend in analyzing huge logs produced by various network devices.
|
 B2E
Business Process
Management
Business Intelligence
and Data Warehousing
e-Business
Enterprise Applications Services
Technology Infrastructure Services
Embedded & Product Services
Talent Transformation
Telecommunication & Internetworking
|
White Papers 
Subscribe to 'Peer Ping' our monthly newsletter
Request for Information
Contact Us
India : An outsourcer's paradise
