• United States
by Mandy Andress

How we did it

Dec 15, 20031 min

How we tested the various security event management systems.

We set up a test bed to run a number of different products and systems to monitor. This included Windows 2000 Server; Microsoft Internet Information Server 5.0; Red Hat Linux 7.3; Apache 1.3.28; IPTables; Check Point NG; Snort 2.0; Cisco VPN Concentrator; Cisco Catalyst Switch; NetScreen-100 running ScreenOS 2.5, Nessus, and Solaris 2.8; McAfee Entercept; Tripwire; and Cisco Security Agent.

Each company, with the exception of Tenable Network Security, sent Professional Services teams onsite to the lab for installation. While the teams were on-site, we set up the NetScreen and Cisco devices for monitoring. We set up the remaining devices ourselves, contacting support when required.

After device configuration, we created various filters and correlation events. We launched Blade Software’s IDS Informer, Nessus and ISS Internet Scanner to trigger events in our devices. We sustained approximately 300 events per second during this testing. As events were logged, we created cases and incident investigation in the products that provided this functionality.

Back to review: “Security event management”