You have installed firewalls at the perimeter of your network, rely on intrusion-detection systems to keep the bad guys at bay and have anti-virus software running on your desktop machines. And it's still not enough.
Experts say that as hackers step up their efforts to attack your network, you should consider more advanced technologies and policies to defend your territory.
One such technology is security-information management (SIM). SIM systems, which centralize correlation, reporting and management for multi-vendor security products, are likely to become standard options from many vendors.
SIM products use data-aggregation and event-correlation features similar to those of network-management software, and apply them to the event logs generated by security devices such as firewalls, proxy servers, IDSs and anti-virus software. Because each vendor logs in its own format, SIM products also normalize the data: a Cisco alert and a Check Point alert are translated into a common record layout so that events from both can be correlated against each other.
NetForensics is working on software that gathers the information generated by all the different point products - firewalls, IDSs, anti-virus tools and the like - to decipher what unauthorized activity might be occurring on a network and automatically take steps to protect it.
"This overarching system will give a bird's-eye view of what's happening on the network, not the current worm's-eye view" presented by point products, says Anton Chuvakin, security specialist at NetForensics.
The system will draw from a knowledgebase to detect whether an attack has worm- or virus-like characteristics and take relevant measures to protect the network.
Chuvakin says security professionals might not be happy letting the system decide on and apply the necessary security procedures, and says the first generation of the software will offer suggestions instead. After a year of using the product, users should feel comfortable letting the system make decisions by itself, Chuvakin says.
He says that this system would also incorporate network forensic tools, which gather information after attacks have occurred to help network executives investigate how they happened and the nature of the attacks. SIM would proactively help stop attacks, and if the attacks were successful the network forensics tools would mine the information about the hacks to beef up the system's knowledgebase and theoretically help stop the next attack.