* The Reviewmeister continues to take a look at security information tools

Continuing our jaunt through the world of security information management or security event management, today we’ll look at Tenable Lightning and netForensics.

* Tenable Lightning

This product from Tenable Network Security focuses only on vulnerability assessment and intrusion-detection system (IDS) logs. We found that Lightning 2.0 is an excellent investment for small organizations getting started in SEM. It is less expensive than the other, more complex products and much easier to set up.

In terms of licensing, Tenable Lightning 2.0 is licensed by the number of IP addresses active on your network.

At the most basic level, SEM products aggregate security logs from various devices. Taking SEM to the next level, these products add correlation, which lets you create alerts for any combination of log entries. For example, you can create an alert if you see a port scan and an attempted attack (seen through IDS logs) for your Web server if the source IP address is the same.

The next step, which Tenable supports, provides correlation between vulnerability assessment and IDS. You do not get an alert on an IDS log unless the targeted system is vulnerable to the attempted attack. This feature is beneficial because it can help reduce IDS false positives.

* netForensics 3.1

NetForensics 3.1 has a lot of potential, but the user interface, SIM Desktop, could be improved.

In terms of the pricing model, netForensics 3.1 is licensed by the number of devices being monitored.

Each company, with the exception of Tenable, sent us pre-configured hardware. The installation team came in to configure the device for our lab environment and set everything up so alerts and events were being sent to their system from three initial devices in our test bed – a NetScreen Technologies firewall, a Cisco VPN Concentrator and a Cisco Catalyst switch – which all logged directly to syslog.
The netForensics install took just two hours for initial setup, device configuration and a quick tutorial.

Several SIM products include case management functionality to track and record incidents as they are investigated. Events can be tagged and added to incidents just about anywhere in the GUI. NetForensics includes a collaboration area – a screen where users can type messages and have them visible to all other users – and the ability to attach any file to a case.

For the full report, go to https://www.nwfusion.com/reviews/2003/1215semrev.html
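The two correlation steps described in the Tenable Lightning section (port scan plus attack from the same source, and IDS alerts gated on vulnerability-assessment results) can be sketched as follows. This is an added example, not code from the review or from either product; the event layout, the finding identifiers, the 10-minute window and the severity labels are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vulnerability-assessment results: host -> findings it is vulnerable to.
VULN_SCAN = {
    "10.0.0.5": {"EXAMPLE-VULN-A"},
    "10.0.0.9": set(),
}

# Constructed, already-normalized events:
# (timestamp, kind, source IP, target IP, finding the IDS signature maps to)
EVENTS = [
    ("2003-12-15T10:00:00", "portscan", "192.0.2.7", "10.0.0.5", None),
    ("2003-12-15T10:03:00", "attack", "192.0.2.7", "10.0.0.5", "EXAMPLE-VULN-A"),
    ("2003-12-15T10:04:00", "attack", "192.0.2.7", "10.0.0.9", "EXAMPLE-VULN-A"),
    ("2003-12-15T10:05:00", "attack", "198.51.100.3", "10.0.0.5", "EXAMPLE-VULN-A"),
    ("2003-12-15T11:30:00", "attack", "192.0.2.7", "10.0.0.5", "EXAMPLE-VULN-B"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window for the port-scan rule


def correlate(events, vuln_scan, window=WINDOW):
    """Return alerts for IDS attack events after applying both correlation steps."""
    scans = defaultdict(list)  # (source, target) -> times a port scan was seen
    alerts = []
    for ts, kind, src, dst, finding in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "portscan":
            scans[(src, dst)].append(when)
            continue
        # Vulnerability correlation: drop the IDS event unless the target
        # is known to be vulnerable to the attempted attack.
        if finding not in vuln_scan.get(dst, set()):
            continue
        # Log correlation: did the same source scan this target shortly before?
        scanned = any(timedelta(0) <= when - s <= window for s in scans[(src, dst)])
        alerts.append({
            "time": ts, "src": src, "dst": dst, "finding": finding,
            "severity": "high" if scanned else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, VULN_SCAN):
        print(alert)
```

Of the four constructed IDS events, two are suppressed because the target is not vulnerable to the attempted attack, which is the false-positive reduction the review describes.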