Saturday, May 06, 2006

SIM / SEM

SEM (security event management) / SIM (security incident management).
Originally intended to manage the glut of alerts and advisories spat out by IDSes and firewalls, SEM/SIM products are evolving into complex system management tools that monitor a wide range of products and supervise everything from vulnerability information to attack management and patching.
It’s difficult to find an IT security expert who doesn’t espouse the need for security management tools.

“People are being buried by data.”

SEM technology promises to tame that data by centralizing, correlating, and prioritizing log data from various devices, presenting it via sophisticated visualization features that make it easy for network admins to spot security vulnerabilities and evolving attacks.
Typically, SEM products work by gathering log data and logged events from the devices they support. The information comes from sources such as text-based system logs and SNMP traps, which are notifications generated by network devices on significant events, including startups, reboots, and authentication failures.
Because different products record logs and events in different ways, that information must be translated -- or normalized -- into a standard format used by the SEM device’s correlation engine. Depending on the product, capture and translation may be performed by a software client, or agent, residing on the monitored device, or the raw data may be transmitted to a central collection point where it is normalized.
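As an added illustration of the normalization and correlation steps described above (example code written for this page, not taken from the original post or from any SEM product), a minimal normalizer that translates two constructed record formats into one event schema and then prioritizes sources that cross an authentication-failure threshold:

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample records (not real logs): syslog lines from an SSH
# server and key=value lines from a firewall, i.e. two different formats.
SAMPLE_LOGS = [
    "May  6 10:01:02 host1 sshd[4242]: Failed password for root from 10.0.0.5 port 5555 ssh2",
    "May  6 10:01:05 host1 sshd[4243]: Failed password for admin from 10.0.0.5 port 5556 ssh2",
    "May  6 10:01:09 host1 sshd[4244]: Failed password for root from 10.0.0.5 port 5557 ssh2",
    "id=fw1 action=deny src=10.0.0.5 dst=10.0.0.20 dport=445 proto=tcp",
    "id=fw1 action=allow src=10.0.0.9 dst=10.0.0.20 dport=443 proto=tcp",
    "May  6 10:02:00 host1 sshd[4245]: Accepted password for alice from 10.0.0.7 port 6000 ssh2",
]

@dataclass
class Event:
    source: str    # device type that produced the record
    category: str  # normalized event category shared by all sources
    src_ip: str
    severity: int  # 1 (informational) .. 5 (critical)

SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for \S+ from (\S+)")

def normalize(line):
    """Translate one raw record into the common Event schema (None if unknown)."""
    m = SSH_RE.search(line)
    if m:
        failed = m.group(1) == "Failed"
        return Event("syslog", "auth_failure" if failed else "auth_success",
                     m.group(2), 3 if failed else 1)
    if line.startswith("id=") and " action=" in line:
        kv = dict(tok.split("=", 1) for tok in line.split())
        denied = kv.get("action") == "deny"
        return Event("firewall", "fw_deny" if denied else "fw_allow",
                     kv.get("src", "?"), 2 if denied else 1)
    return None  # unknown format: a real SEM would record this for parser tuning

def correlate(events, threshold=3):
    """Prioritize: a source with >= threshold auth failures gets severity 4,
    or 5 when the firewall also denied traffic from it (cross-device link)."""
    failures = Counter(e.src_ip for e in events if e.category == "auth_failure")
    denies = {e.src_ip for e in events if e.category == "fw_deny"}
    return {ip: (5 if ip in denies else 4)
            for ip, n in failures.items() if n >= threshold}

def triage(lines=SAMPLE_LOGS):
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)
```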