Security Information Management Comes of Age

Any security platform worth its salt produces log data, but in a large network running multiple systems and protocols it's impossible to monitor that data accurately by tracking each data set individually. A well-developed security information management (SIM) approach minimises the number of consoles that security professionals have to monitor by aggregating this data into a single, easier-to-manage platform. (Security information management is generally considered to be restricted to this capturing and monitoring function, as distinct from the broader practice of information security management, which also incorporates other technological, business and people management elements.)
"The value of SIM products was profoundly simple in concept," Forrester analysts John Kindervag and Andrew Jaquith noted in a recent technology overview. "They transformed noisy, low-level security event information generated by firewalls and intrusion detection system (IDS) devices into alerts that could be readily comprehended by security analysts."
As with any monitoring system, data capture and processing can take place in a number of locations. While a SIM platform can simply collect raw data from system agents and process it on a central server, in practice the data is often filtered by those agents before transmission as well. That approach has two potential benefits: it avoids clogging the network with log traffic and it reduces the risk of information overload.
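
The agent-side filtering described above can be sketched as follows. This is an added example, not code from any SIM product; the log line format, the `agent_filter` function and the alert threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not from any real device).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw1 ACCEPT src=10.0.0.5 dst=10.0.1.9 dport=443",
    "2024-05-01T10:00:02Z fw1 DENY src=203.0.113.7 dst=10.0.1.9 dport=22",
    "2024-05-01T10:00:03Z fw1 DENY src=203.0.113.7 dst=10.0.1.9 dport=23",
    "2024-05-01T10:00:04Z fw1 ACCEPT src=10.0.0.6 dst=10.0.1.9 dport=443",
    "2024-05-01T10:00:05Z fw1 DENY src=203.0.113.7 dst=10.0.1.9 dport=3389",
    "2024-05-01T10:00:06Z fw1 DENY src=198.51.100.4 dst=10.0.1.9 dport=445",
    "garbled line the agent cannot parse",
]

# Assumed line format: timestamp, device name, action, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def agent_filter(lines, threshold=3):
    """Return (events_to_forward, stats) for one collection interval."""
    denies = defaultdict(list)
    forward, stats = [], {"seen": 0, "dropped": 0, "unparsed": 0}
    for line in lines:
        stats["seen"] += 1
        m = LINE_RE.match(line)
        if m is None:
            # Never silently drop what cannot be parsed: forward it raw.
            stats["unparsed"] += 1
            forward.append({"type": "unparsed", "raw": line})
        elif m["action"] == "ACCEPT":
            stats["dropped"] += 1  # routine traffic is not transmitted
        else:
            denies[(m["host"], m["src"])].append(m)
    # One record per (device, source) replaces many low-level deny events.
    for (host, src), hits in denies.items():
        forward.append({
            "type": "alert" if len(hits) >= threshold else "summary",
            "host": host, "src": src, "count": len(hits),
            "ports": sorted({int(h["dport"]) for h in hits}),
            "first": hits[0]["ts"], "last": hits[-1]["ts"],
        })
    return forward, stats

if __name__ == "__main__":
    events, stats = agent_filter(SAMPLE_LOGS)
    print(stats)
    for event in events:
        print(event)
```

Lines dropped at the agent never reach the central server, so the raw logs need to be retained on the source system if they may be required for a later investigation.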
