Security information management
Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis.[1]
SIM products generally are software agents running on the computer systems that are to be monitored, which then send the log information to a centralized server acting as a "security console". The console typically displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters, to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident.
The security console is monitored by a human being, who reviews the consolidated information, and takes action in response to any alerts issued.[2][3]
The data that is sent to the server, to be correlated and analyzed, are normalized by the software agents into a common form, usually XML. Those data are then aggregated, in order to reduce their overall size.[2][3]
The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' by using data collection techniques. The term commonly used to represent an entire security infrastructure that protects an environment is commonly called information security management (InfoSec).
Security information management is also referred to as log management and is different from SEM (security event management), but makes up a portion of a SIEM (security information and event management) solution.[4][5][6] [7]
Notable solutions in the SIM/SEM marketplace
The following solutions are notable in the SIM/SEM marketplace:[8][9][10][11][12]
- AccelOps Integrated SIEM and PAM
- Alcatel-Lucent OA Safeguard
- AlienVault Unified Security Management
- Araknos Akab2 Integrated SIEM [13]
- Assuria Log Manager[14][15]
- BlackStratus LOG Storm[16]
- Cisco Cisco Security Manager
- CNAM Threat Defense Platform
- Correlog Correlog Solution Suite[17]
- CS Prelude/Vigilo
- EiQ Networks SecureVue[18]
- EMC2 RSA Security
- Envision RSA envision
- EventSentry Full Spectrum SIEM[19]
- EventTracker SIEM Simplified[20]
- HP ArcSight
- IBM Security QRadar SIEM
- LogRhythm SIEM 2.0 Security Intelligence
- McAfee Enterprise Security Manager
- NetIQ Sentinel
- NETMONASTERY SaaS Delivered SIEM[21]
- Observable Networks Dynamic Endpoint Modeling[22]
- Praesidio[23]
- SecureSolutions SecurityAdvisor[24]
- Security Capsule Innovative technologies in business[25]
- SenSage Advanced SIEM and Log Management
- SolarWinds Log & Event Manager
- Splunk Splunk
- Symantec Security Information Manager, now discontinued[26]
- Tenable Network Security
- Tibco LogLogic (formerly Exaprotect)
- Trustwave Holdings Log Management Enterprise
- Tier-3 Huntsman
References
- ↑ J.L. Bayuk (2007). Stepping Through the InfoSec Program. ISACA. p. 97.
- 1 2 John Wylder (2004). Strategic Information Security. CRC Press. p. 172. ISBN 9780849320415.
- 1 2 Cyrus Peikari and Anton Chuvakin (2004). Security Warrior. O'Reilly. pp. 421–422. ISBN 9780596552398. Retrieved 17 January 2014.
- ↑ http://securityinformationeventmanagement.com/ Understanding SIEM
- ↑ http://systeminformationandeventmanagement.ru
- ↑ http://systeminformationandeventmanagement.com
- ↑ http://www.siem.su/ SIEM Analytics
- ↑ Gartner Magic Quadrant May 2008
- ↑ Gartner Magic Quadrant May 2010
- ↑ Gartner Magic Quadrant May 2011
- ↑ Gartner Magic Quadrant 2013
- ↑ Gartner Magic Quadrant, June 2014
- ↑ "Araknos Software Guide". Mosaic Security Research. Retrieved 21 July 2015.
- ↑ "Assuria Log Manager Overview". Assuria Ltd. Retrieved 24 March 2015.
- ↑ "CCTM - Awards - Assuria Log Manager Version 4". UK Government (Crown Copyright). 2011. Archived from the original on 4 December 2011. Retrieved 24 March 2015.
- ↑ "SIEM Solutions & Products". BlackStratus Systems & Technology. Retrieved 21 July 2015.
- ↑ "CorreLog". CorreLog. Retrieved 21 July 2015.
- ↑ EiQ Networks
- ↑ "SIEM, Event Log Management & Windows Server Log Monitoring Software". EventSentry. Retrieved 21 July 2015.
- ↑ "SIEM Simplified". EventTracker. Retrieved 21 July 2015.
- ↑ "Realtime Threat Management & Detection". NETMONASTERY. Retrieved 21 July 2015.
- ↑ "Network Security: A better approach". Observable Networks. Retrieved 21 July 2015.
- ↑ "Cloud-based Cybersecurity Solition for Banks". Praesidio. Retrieved 21 July 2015.
- ↑ "SecurityAdvisor - Complete Security Visibility made in Austria" (in German). SecureSolutions. Retrieved 21 July 2015.
- ↑ "ООО "ИТБ" - Защита информации" ["ITB" Ltd. - Data protection] (in Russian). "ITB" Ltd. Retrieved 21 July 2015.
- ↑ "SSIM is being discontinued ...as of September 2, 2013", 30 Aug 2013, symantec.com
See also
- Information security
- Information security management
- Information security management system
- Security Information and Event Management
- Security event manager