• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 309
  • Last Modified:

Security Information Management

Does anyone know anything about SIM (Security Information Managment) software? I know its a security like scanner on a network but does anyone have any experience or feedback to this system?
0
shoris
Asked:
shoris
2 Solutions
 
herbusCommented:
I implement GFI's S.E.L.M. (now EventsManager) product for a handful of clients, so it's one SIM package I'm directly familiar with... it, and I would guess other SIM software, collects event logs from network-wide systems and puts it all in one place (and can generate alerts or take action when alerts occur)...

Anything in particular you're keen to know?
0
 
shorisAuthor Commented:
GFI is great.. good point.. but what about a SIM - a one managment system to collect information on devices like firewalls, vpn, etc.. i know bigger companies use a variety of SIMs.. besides GFI, is there any other SIM that handle that kind of one managment system?
0
 
herbusCommented:
Will be good to see some other experts post their experiences of similar software,.. I'm familiar with other monitoring packages like Quest's Big Brother, HP Openview, etc, that use SNMP or client software to report back info on hardware utilisation, service status, log alerts, etc, but in my experiences so far GFI has been ideal for focusing on security only, so it fits into the description of SIM more than general monitoring packages...

For the record, GFI EventsManager has expanded on SELM's capabilities so it's not just Windows anymore... "Centralizes Syslog, W3C and Windows events generated by firewalls, servers, routers, switches, phone systems, PCs and more"... (though I haven't deployed the new EventsManager yet so can't go into much detail on it)

Cheers,
Herb
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
lrmooreCommented:
You can look at something like Cisco's CSMARS product
http://www.cisco.com/en/US/products/ps6241/index.html
Here's a list of compatible devices like firewalls, vpns, servers, etc that MARS can collect information from and act as a single event manager
http://www.cisco.com/en/US/products/ps6241/products_device_support_table09186a0080467232.html

0
 
PowerITCommented:
Herbus is right about GFI. Excellent products.
You can also look at this open source alternative: http://www.ossim.net/
It integrates Snort, Nessus, Spade ...
I haven't used it myself but am planning to look into it further in the near future.

Remember that the key is human intelligence. You'll always need someone to interprete the results and reports, then act accordingly

J.
0
 
chris_calabreseCommented:
SIM and SEM (Security Event Management) systems can be a great way to centralize security information from all over your network into one place where it can be reported on and responded to.

On the other hand, building a SIM and/or SEM system is a HUGE undertaking and should not be considered lightly.

My suggestion is to first do some digging into not only the specific products but also the general ideas. Maybe attend some training at SANS or something.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now