?
Solved

Security Information Management

Posted on 2007-04-06
6
Medium Priority
?
301 Views
Last Modified: 2010-03-05
Does anyone know anything about SIM (Security Information Managment) software? I know its a security like scanner on a network but does anyone have any experience or feedback to this system?
0
Comment
Question by:shoris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:herbus
ID: 18869312
I implement GFI's S.E.L.M. (now EventsManager) product for a handful of clients, so it's one SIM package I'm directly familiar with... it, and I would guess other SIM software, collects event logs from network-wide systems and puts it all in one place (and can generate alerts or take action when alerts occur)...

Anything in particular you're keen to know?
0
 

Author Comment

by:shoris
ID: 18869360
GFI is great.. good point.. but what about a SIM - a one managment system to collect information on devices like firewalls, vpn, etc.. i know bigger companies use a variety of SIMs.. besides GFI, is there any other SIM that handle that kind of one managment system?
0
 
LVL 9

Accepted Solution

by:
herbus earned 1000 total points
ID: 18869385
Will be good to see some other experts post their experiences of similar software,.. I'm familiar with other monitoring packages like Quest's Big Brother, HP Openview, etc, that use SNMP or client software to report back info on hardware utilisation, service status, log alerts, etc, but in my experiences so far GFI has been ideal for focusing on security only, so it fits into the description of SIM more than general monitoring packages...

For the record, GFI EventsManager has expanded on SELM's capabilities so it's not just Windows anymore... "Centralizes Syslog, W3C and Windows events generated by firewalls, servers, routers, switches, phone systems, PCs and more"... (though I haven't deployed the new EventsManager yet so can't go into much detail on it)

Cheers,
Herb
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 79

Expert Comment

by:lrmoore
ID: 18869460
You can look at something like Cisco's CSMARS product
http://www.cisco.com/en/US/products/ps6241/index.html
Here's a list of compatible devices like firewalls, vpns, servers, etc that MARS can collect information from and act as a single event manager
http://www.cisco.com/en/US/products/ps6241/products_device_support_table09186a0080467232.html

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18869932
Herbus is right about GFI. Excellent products.
You can also look at this open source alternative: http://www.ossim.net/
It integrates Snort, Nessus, Spade ...
I haven't used it myself but am planning to look into it further in the near future.

Remember that the key is human intelligence. You'll always need someone to interprete the results and reports, then act accordingly

J.
0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 1000 total points
ID: 18875719
SIM and SEM (Security Event Management) systems can be a great way to centralize security information from all over your network into one place where it can be reported on and responded to.

On the other hand, building a SIM and/or SEM system is a HUGE undertaking and should not be considered lightly.

My suggestion is to first do some digging into not only the specific products but also the general ideas. Maybe attend some training at SANS or something.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question