Security information-management (SIM) products (also referred to as Security Event Management wares) automate the manual process of collecting security-specific event-log data from file systems, security appliances and other network devices. The latter include firewalls, proxy servers, intrusion-detection systems, intrusion-prevention systems, routers and switches, and antispam, antivirus and antispyware software.
SIM has data-aggregation and network event-correlation features similar to those found in network management software.
The market of late has focuses on three areas of improvement for these products – boosting their performance (how fast can you collect security information without missing an event?), tying specific security events to specific user identities and beefing up their reporting capabilities that help companies with security compliance issues (how can you help the security manager sort through the real security issues and those that are merely false-positive alerts?). While the market remains strong for SIM point products, traditional network-management vendors have been buying SIM vendors with the announced intention of integrating the security-specific event.
Additional resources
SIM Buyer's Guide
Detailed specs on SIM products.
According to
According to Gartner:
"Security information and event management (SIEM) technology delivers two basic capabilities:
• Security information management (SIM) — SIM provides reporting and analysis of data
primarily from host systems and applications, and secondarily from security devices to
support regulatory compliance initiatives, internal threat management and security policy
compliance management. SIM can be used to support the activities of the IT security,
internal audit and compliance organizations.
• Security event management (SEM) — SEM improves security incident response
capabilities. SEM processes near-real-time data from security devices, network devices
and systems to provide real-time event management for security operations. SEM helps
IT security operations personnel be more effective in responding to external and internal
threats.
SIM and SEM require a common set of base functions, but they differ both in scope and the time
frame for data analysis"