Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Security Information Management

Posted on 2007-04-06
6
Medium Priority
?
304 Views
Last Modified: 2010-03-05
Does anyone know anything about SIM (Security Information Managment) software? I know its a security like scanner on a network but does anyone have any experience or feedback to this system?
0
Comment
Question by:shoris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:herbus
ID: 18869312
I implement GFI's S.E.L.M. (now EventsManager) product for a handful of clients, so it's one SIM package I'm directly familiar with... it, and I would guess other SIM software, collects event logs from network-wide systems and puts it all in one place (and can generate alerts or take action when alerts occur)...

Anything in particular you're keen to know?
0
 

Author Comment

by:shoris
ID: 18869360
GFI is great.. good point.. but what about a SIM - a one managment system to collect information on devices like firewalls, vpn, etc.. i know bigger companies use a variety of SIMs.. besides GFI, is there any other SIM that handle that kind of one managment system?
0
 
LVL 9

Accepted Solution

by:
herbus earned 1000 total points
ID: 18869385
Will be good to see some other experts post their experiences of similar software,.. I'm familiar with other monitoring packages like Quest's Big Brother, HP Openview, etc, that use SNMP or client software to report back info on hardware utilisation, service status, log alerts, etc, but in my experiences so far GFI has been ideal for focusing on security only, so it fits into the description of SIM more than general monitoring packages...

For the record, GFI EventsManager has expanded on SELM's capabilities so it's not just Windows anymore... "Centralizes Syslog, W3C and Windows events generated by firewalls, servers, routers, switches, phone systems, PCs and more"... (though I haven't deployed the new EventsManager yet so can't go into much detail on it)

Cheers,
Herb
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 79

Expert Comment

by:lrmoore
ID: 18869460
You can look at something like Cisco's CSMARS product
http://www.cisco.com/en/US/products/ps6241/index.html
Here's a list of compatible devices like firewalls, vpns, servers, etc that MARS can collect information from and act as a single event manager
http://www.cisco.com/en/US/products/ps6241/products_device_support_table09186a0080467232.html

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18869932
Herbus is right about GFI. Excellent products.
You can also look at this open source alternative: http://www.ossim.net/
It integrates Snort, Nessus, Spade ...
I haven't used it myself but am planning to look into it further in the near future.

Remember that the key is human intelligence. You'll always need someone to interprete the results and reports, then act accordingly

J.
0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 1000 total points
ID: 18875719
SIM and SEM (Security Event Management) systems can be a great way to centralize security information from all over your network into one place where it can be reported on and responded to.

On the other hand, building a SIM and/or SEM system is a HUGE undertaking and should not be considered lightly.

My suggestion is to first do some digging into not only the specific products but also the general ideas. Maybe attend some training at SANS or something.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question