How to successfully plan and implement a Security Event Management System How to successfully plan and implement a Security Event Management System - RSS feed from Security Park
(08/03/2007)

A Security Event Manager is a piece of software which takes as input logs and alerts from a variety of systems, such as Firewalls, Routers, and Servers, and attempts to inform the engineer of unusual occurrences which warrant further investigation.

The SEM benefits from having available to it information coming from many systems at both the network and application level, having an understanding of event severity, and may also have access to vulnerability databases which describe common weaknesses and their exploitation. SEM software may also feature tools to aid the analyst charged with investigating events and producing reports. There has been a vendor-fuelled explosion in acronyms around SEM, and you will see them referred to variously as SEM, SIM, CSEM, CIEM, and ESM systems.

All of these perform broadly similar functions with differing scalability, utility, user-friendliness, and price. Although vendors may use different terminology or allude to proprietary methods, all conform to the same basic mode of operation.

IT infrastructure, particularly security systems, produce vast quantities of logging information of varying quality. Although there is some consensus among groups of vendors for specific applications (e.g. Web Servers software) most logs do not conform to any common format, and frequently do not even record the same basic information about what the system in question is doing.

Generally one cannot count on the individual routers, servers, and applications having strong log file management capabilities, nor are they able to confer with one-another on the significance of a group of logged events from disparate systems. This means the hard job of the security analyst is made even more difficult. A SEM system is intended to assist in identifying and investigating anomalous events among this glut of data.

The goal of SEM software is to dramatically improve the signal to noise ratio for the security engineer, and to allow him or her to more easily identify “real” threats from false alarms. In this way SEMs act as a force-multiplier, giving the analyst an ability to do the work of a larger (and possibly more highly skilled) team. Although much is said about the technology involved in the SEM process, ultimately it’s all about getting the most out of the human in the loop.

Download the free Security Event Management System implementation white paper.

For more details, contact Steve Murphy, Phone: +44 (0)207 801 6309, email: steve.c.murphy@trinamo.com, Trinamo Solutions, www.trinamo-solutions.com

Related topics:  IT Network and Computer Security   Security industry   Security market sectors 


print versionPrint version | email this to a friendEmail to a friend | related articlesRelated articles


Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.


Other Security news and resources


Security News Suppliers Directory Jobs forum Classifieds Knowledge base White papers Research library Security books Special reports Security interviews Security companies Security events Security links Security market

Product channels

Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products

IT Security white papers and research library

Access Control  Authentication  Data Management  Data Security  Digital Signatures  Email Security  Identity Management  Internet Security  Intrusion Prevention  Network Security  Remote access security  Security Management  Security Policies  Security Software  Security Threats  Virus Detection Software  Virus Protection  VPN  Vulnerability Assessment  Wireless Security 

Security books, guides, standards and toolkits

RFID and Smart Cards books, guides and reference documents  Biometric books, guides and reference documents  CCTV books, guides and reference documents  Intruder alarms and intrusion detection systems books, guides and reference documents  Monitoring and surveillance books, guides and reference documents  IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits  Fire, Health & Safety books, guides and reference documents

Security Resources
Directory GET LISTED! Jobs forum Classifieds Knowledge base White papers Research library Security books Security videos Special reports Security companies Security events Security links Security market Company news

Security Products
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Security products

Security Markets
Bank and financial services security Corporate and enterprise security Education and school security Entertainment and events security Homeland and Government security Hospital and healthcare security Infrastructure and utilities security Manufacturing and industrial security Public sector security Residential and home security Retail security Small business security Sports and recreational security Transport and logistics security


Ensure that you conduct an effective information security risk assessment that is in line with ISO 27001 by purchasing vsRisk™ Risk Assessment Tool

Need a
Security reference book?
Find it on Amazon
Security books







advertise
sumbit an article
copyright
terms & conditions
privacy policy


CMS and Web design by www.Areza.com

Article search

Directory search


add your company
Google

ISO 18028 (Network Security Management)
Home | About | Contact | Submit article | Advertise | Newsletter | RSS | Search