Security Information Management

Does anyone know anything about SIM (Security Information Managment) software? I know its a security like scanner on a network but does anyone have any experience or feedback to this system?
shorisAsked:
Who is Participating?
 
herbusCommented:
Will be good to see some other experts post their experiences of similar software,.. I'm familiar with other monitoring packages like Quest's Big Brother, HP Openview, etc, that use SNMP or client software to report back info on hardware utilisation, service status, log alerts, etc, but in my experiences so far GFI has been ideal for focusing on security only, so it fits into the description of SIM more than general monitoring packages...

For the record, GFI EventsManager has expanded on SELM's capabilities so it's not just Windows anymore... "Centralizes Syslog, W3C and Windows events generated by firewalls, servers, routers, switches, phone systems, PCs and more"... (though I haven't deployed the new EventsManager yet so can't go into much detail on it)

Cheers,
Herb
0
 
herbusCommented:
I implement GFI's S.E.L.M. (now EventsManager) product for a handful of clients, so it's one SIM package I'm directly familiar with... it, and I would guess other SIM software, collects event logs from network-wide systems and puts it all in one place (and can generate alerts or take action when alerts occur)...

Anything in particular you're keen to know?
0
 
shorisAuthor Commented:
GFI is great.. good point.. but what about a SIM - a one managment system to collect information on devices like firewalls, vpn, etc.. i know bigger companies use a variety of SIMs.. besides GFI, is there any other SIM that handle that kind of one managment system?
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
lrmooreCommented:
You can look at something like Cisco's CSMARS product
http://www.cisco.com/en/US/products/ps6241/index.html
Here's a list of compatible devices like firewalls, vpns, servers, etc that MARS can collect information from and act as a single event manager
http://www.cisco.com/en/US/products/ps6241/products_device_support_table09186a0080467232.html

0
 
PowerITCommented:
Herbus is right about GFI. Excellent products.
You can also look at this open source alternative: http://www.ossim.net/
It integrates Snort, Nessus, Spade ...
I haven't used it myself but am planning to look into it further in the near future.

Remember that the key is human intelligence. You'll always need someone to interprete the results and reports, then act accordingly

J.
0
 
chris_calabreseCommented:
SIM and SEM (Security Event Management) systems can be a great way to centralize security information from all over your network into one place where it can be reported on and responded to.

On the other hand, building a SIM and/or SEM system is a HUGE undertaking and should not be considered lightly.

My suggestion is to first do some digging into not only the specific products but also the general ideas. Maybe attend some training at SANS or something.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.