Solved

Security Information Management

Posted on 2007-04-06
6
299 Views
Last Modified: 2010-03-05
Does anyone know anything about SIM (Security Information Managment) software? I know its a security like scanner on a network but does anyone have any experience or feedback to this system?
0
Comment
Question by:shoris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:herbus
ID: 18869312
I implement GFI's S.E.L.M. (now EventsManager) product for a handful of clients, so it's one SIM package I'm directly familiar with... it, and I would guess other SIM software, collects event logs from network-wide systems and puts it all in one place (and can generate alerts or take action when alerts occur)...

Anything in particular you're keen to know?
0
 

Author Comment

by:shoris
ID: 18869360
GFI is great.. good point.. but what about a SIM - a one managment system to collect information on devices like firewalls, vpn, etc.. i know bigger companies use a variety of SIMs.. besides GFI, is there any other SIM that handle that kind of one managment system?
0
 
LVL 9

Accepted Solution

by:
herbus earned 250 total points
ID: 18869385
Will be good to see some other experts post their experiences of similar software,.. I'm familiar with other monitoring packages like Quest's Big Brother, HP Openview, etc, that use SNMP or client software to report back info on hardware utilisation, service status, log alerts, etc, but in my experiences so far GFI has been ideal for focusing on security only, so it fits into the description of SIM more than general monitoring packages...

For the record, GFI EventsManager has expanded on SELM's capabilities so it's not just Windows anymore... "Centralizes Syslog, W3C and Windows events generated by firewalls, servers, routers, switches, phone systems, PCs and more"... (though I haven't deployed the new EventsManager yet so can't go into much detail on it)

Cheers,
Herb
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 79

Expert Comment

by:lrmoore
ID: 18869460
You can look at something like Cisco's CSMARS product
http://www.cisco.com/en/US/products/ps6241/index.html
Here's a list of compatible devices like firewalls, vpns, servers, etc that MARS can collect information from and act as a single event manager
http://www.cisco.com/en/US/products/ps6241/products_device_support_table09186a0080467232.html

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18869932
Herbus is right about GFI. Excellent products.
You can also look at this open source alternative: http://www.ossim.net/
It integrates Snort, Nessus, Spade ...
I haven't used it myself but am planning to look into it further in the near future.

Remember that the key is human intelligence. You'll always need someone to interprete the results and reports, then act accordingly

J.
0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 250 total points
ID: 18875719
SIM and SEM (Security Event Management) systems can be a great way to centralize security information from all over your network into one place where it can be reported on and responded to.

On the other hand, building a SIM and/or SEM system is a HUGE undertaking and should not be considered lightly.

My suggestion is to first do some digging into not only the specific products but also the general ideas. Maybe attend some training at SANS or something.
0

Featured Post

Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question