Firewalls, intrusion detection, vulnerability assessment tools - oh my! These are just a few of the devices that generate megabytes (and sometimes gigabytes) of daily logs of interest to security professionals. And that's before you count the piles of log data generated by anti-virus applications, operating systems, Web servers, file integrity programs and routers/switches.
The data is overwhelming at best, and analyzing it accurately without assistance is impossible.
Enter security information management (SIM), security event management (SEM) or enterprise security management. Whatever name you prefer, the goal is the same: to make sense of the data your security infrastructure produces.
The term SEM seems to best describe the task these products perform. Devices generate alerts or logs on security events, such as blocked packets, failed logons or attempted exploits. Managing these events is the next step in the evolution of the corporate security infrastructure.
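The core of what these products do is normalization and correlation: raw lines in every device's own format are mapped to one event schema, and rules run over the normalized events rather than the raw text. The following is an added example written for this page, not code from any of the products reviewed. It parses constructed log lines in three made-up formats (firewall denies, Windows-style failed logons and Snort-style IDS alerts) and applies two simple rules: a brute-force threshold on failed logons and a cross-sensor rule that flags a source seen by both the firewall and the IDS. The field names, thresholds and the `[1:1000001:1]` rule identifier are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from any real system) in three formats
# a SEM must normalize: firewall denies, failed logons and IDS alerts.
RAW_LOGS = [
    "Mar 12 10:01:02 fw1 kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=445",
    "Mar 12 10:01:03 fw1 kernel: DENY IN=eth0 SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP DPT=445",
    "Mar 12 10:01:05 dc1 Security: Logon Failure: user=jsmith src=203.0.113.5",
    "Mar 12 10:01:06 dc1 Security: Logon Failure: user=jsmith src=203.0.113.5",
    "Mar 12 10:01:07 dc1 Security: Logon Failure: user=jsmith src=203.0.113.5",
    "Mar 12 10:01:09 ids1 snort[1234]: [1:1000001:1] LOCAL SMB probe {TCP} 203.0.113.5:4512 -> 192.0.2.10:445",
    "Mar 12 10:02:00 dc1 Security: Logon Failure: user=admin src=198.51.100.7",
]

# One (event_type, regex) pair per device format. Named groups feed the
# common schema; anything a format lacks is left as None.
PARSERS = [
    ("blocked_packet", re.compile(r"DENY .*SRC=(?P<src>\S+) DST=(?P<dst>\S+)")),
    ("failed_logon", re.compile(r"Logon Failure: user=(?P<user>\S+) src=(?P<src>\S+)")),
    ("ids_alert", re.compile(
        r"snort\[\d+\]: \[(?P<sid>[\d:]+)\] (?P<sig>.+?) \{TCP\} "
        r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")),
]


def normalize(line):
    """Map one raw syslog-style line to the common event schema, or None if no parser matches."""
    reporter = line.split()[3]  # hostname field of the syslog header (assumed layout)
    for event_type, rx in PARSERS:
        m = rx.search(line)
        if m is None:
            continue
        f = m.groupdict()
        return {
            "type": event_type,
            "reporter": reporter,
            "src": f.get("src"),
            "dst": f.get("dst"),
            "user": f.get("user"),
            "signature": f.get("sig"),
        }
    return None


def correlate(events, logon_threshold=3):
    """Run two SEM-style rules over normalized events and return findings as
    (rule, source_ip, count) tuples."""
    failed = Counter(e["src"] for e in events if e["type"] == "failed_logon")
    seen_by = defaultdict(set)
    for e in events:
        seen_by[e["src"]].add(e["type"])

    findings = []
    # Rule 1: brute force - at least `logon_threshold` failed logons from one source.
    for src, n in failed.items():
        if n >= logon_threshold:
            findings.append(("brute_force", src, n))
    # Rule 2: multi-sensor - the firewall blocked the source AND the IDS alerted on it.
    for src, types in seen_by.items():
        if {"blocked_packet", "ids_alert"} <= types:
            findings.append(("multi_sensor", src, len(types)))
    return findings


def analyze(lines):
    """Normalize all lines (dropping unparsed ones) and correlate the result."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = analyze(RAW_LOGS)
    print(f"{len(evs)} events normalized from {len(RAW_LOGS)} lines")
    for rule, src, n in found:
        print(f"{rule}: {src} ({n})")
```

The point to notice is that both rules are written once against the normalized schema; adding a new device type means adding a parser, not rewriting the rules. Lines no parser recognizes are dropped here, but a real deployment should count them, since a sudden rise in unparsed lines usually means a vendor changed its log format.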
ArcSight, e-Security, netForensics, Network Intelligence and Tenable Network Security agreed to participate in this review, while Consul, GuardedNet, Intellitactics, NetIQ, Open Service and Tivoli declined.
ArcSight 2.5 wins our Blue Ribbon Award based on its ease of use, flexibility and administration interface. E-Security v4 was not far behind. Its extensibility makes it stand out, but the product is not very easy to use.
Network Intelligence's HA Series comes in a close third. It is the only product sold as an appliance, and it is easy to set up and use. NetForensics 3.1 has a lot of potential, but the user interface, SIM Desktop, could be improved.
Tenable's Lightning 2.0 focuses only on vulnerability assessment and intrusion-detection system (IDS) logs. It is an excellent investment for small organizations getting started with SEM: it is less expensive than the other, more complex products and much easier to set up.
SEM implementations require careful planning and analysis, even before you decide which product to purchase. You need to fully understand what systems you want logged, how you want those logs gathered and how many logs each system generates on average and during peak times, such as worm outbreaks.
A further consideration new to most corporate security departments is data management. Enterprise SEM products use beefy database backends - usually Oracle or Sybase. Most corporate security teams do not have a database administrator on staff, so they try to work with the corporate database team or look at hiring some help. Hand in hand with database management and maintenance goes data retention policy, which has a large effect on your SEM implementation: how long you must keep events online dictates how much disk the database needs.
The products we tested all handle SEM differently. One major difference is how they are sold. Network Intelligence is the only product sold as an appliance with hardware and software included. All other products are software only, so factor hardware purchases into your budget. If you need to purchase anything near the systems provided for our testing (see How we did it), your hardware budget will be significant.
It all depends on the number of systems you plan to monitor, the number of daily events you expect to process and how long you need to retain the data on your system for analysis. Systems that vendors provided for this review typically included a multi-CPU system with 2GB to 4GB of RAM.
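Those three inputs (sources, daily event volume and retention) can be turned into a sizing estimate before any purchase. The following is an added example written for this page, not a vendor's sizing tool. The source classes, per-source event rates, peak multipliers, bytes per stored event and ingest capacity are all assumed planning figures for a hypothetical estate; substitute your own measurements. Beyond the disk estimate, it models the peak case the article warns about: if a worm outbreak pushes event rates above what the collector and database can insert, events queue up, and the function reports how long that backlog takes to drain once rates return to normal.

```python
# Constructed planning inputs for a hypothetical estate (not measured figures).
# Per source class: number of systems, average events/sec per system, and the
# multiplier seen at peak (e.g. a worm outbreak flooding firewall denies).
SOURCES = {
    "firewall":   {"count": 4,  "avg_eps": 50.0, "peak_multiplier": 20},
    "ids":        {"count": 6,  "avg_eps": 2.0,  "peak_multiplier": 50},
    "windows_dc": {"count": 3,  "avg_eps": 5.0,  "peak_multiplier": 4},
    "web_server": {"count": 20, "avg_eps": 10.0, "peak_multiplier": 3},
}
# Assumed on-disk size of one normalized event including index overhead.
BYTES_PER_EVENT = 600


def size_sem(sources, retention_days, bytes_per_event=BYTES_PER_EVENT,
             ingest_capacity_eps=None, peak_hours=2.0):
    """Estimate SEM storage and ingest headroom.

    retention_days:       how long the retention policy requires events online
    ingest_capacity_eps:  sustained events/sec the collector + database can insert
                          (None skips the peak check)
    peak_hours:           assumed duration of a peak such as a worm outbreak
    """
    avg_eps = sum(s["count"] * s["avg_eps"] for s in sources.values())
    peak_eps = sum(s["count"] * s["avg_eps"] * s["peak_multiplier"]
                   for s in sources.values())
    events_per_day = avg_eps * 86400
    storage_bytes = events_per_day * bytes_per_event * retention_days

    result = {
        "avg_eps": avg_eps,
        "peak_eps": peak_eps,
        "events_per_day": events_per_day,
        "storage_bytes": storage_bytes,
        "storage_gib": storage_bytes / 2**30,
        "peak_exceeds_capacity": None,
        "backlog_drain_hours": 0.0,
    }
    if ingest_capacity_eps is not None:
        result["peak_exceeds_capacity"] = peak_eps > ingest_capacity_eps
        if result["peak_exceeds_capacity"]:
            # Events arriving faster than they can be inserted pile up in a queue
            # for the whole peak, then drain at the spare capacity left over
            # once traffic drops back to average.
            backlog = (peak_eps - ingest_capacity_eps) * peak_hours * 3600
            headroom = ingest_capacity_eps - avg_eps
            result["backlog_drain_hours"] = (
                backlog / headroom / 3600 if headroom > 0 else float("inf"))
    return result


if __name__ == "__main__":
    r = size_sem(SOURCES, retention_days=90, ingest_capacity_eps=2000)
    print(f"average {r['avg_eps']:.0f} eps, peak {r['peak_eps']:.0f} eps")
    print(f"{r['events_per_day']:,.0f} events/day, {r['storage_gib']:.0f} GiB for 90 days")
    if r["peak_exceeds_capacity"]:
        print(f"peak exceeds ingest capacity; backlog drains in {r['backlog_drain_hours']:.1f} h")
```

The retention term dominates the disk figure, which is why the retention policy has to be settled before hardware is ordered. The backlog figure is the one to watch during a worm outbreak: a collector that is merely adequate for average load can fall hours behind exactly when analysts need current data, and if sustained capacity is below the average rate the backlog never drains at all (reported here as infinity).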