Security Pros Wrestle With Data Overload
Rapid growth in security is creating a growth market for security information management (SIM) tools, according to a new Dark Reading report
First, the good news: IT administrators have a ton of data about information security. The bad news, of course, is that IT administrators have a ton of data about information security.
The proliferation of events and alerts from a wide variety of security systems, services, and applications is causing headaches for IT administrators and stirring a growth market for security information management tools, according to a new report from Dark Reading.
The report, entitled "Security Information Management: Who's Doing What," suggests that the growth of log event data, security application alerts, and other "events" on the network is making it difficult for security administrators to find the root cause of security violations.
"At the same time, the emergence of new legal and regulatory requirements for IT, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, has also placed new challenges on today’s security administrators," the report observes. "These regulations require IT organizations not only to limit access to sensitive investment-related information and private customer data, but also to prove to auditors that these access controls are properly deployed and fully operational."
The combination of security information overload and regulatory requirements is driving a new market for SIM tools that collect and correlate data from all quarters of the security environment, including traditional IT systems, storage devices, mobile technology, and service providers' customer premises equipment, the report states.
"At their most basic level, SIM tools are data collectors that extract security-related information from other applications and then normalize the data so that it can be stored, viewed, and analyzed by a single system. They help to eliminate the 'swivel chair' approach to security problem resolution, which forces technicians to examine dozens of different consoles and applications and then correlate the information manually in order to postulate the source of the problem and potential methods of resolving it."
Because SIM technology is still emerging, there's no template for product functionality or performance. The report details currently available SIM products and offers recommendations on how to evaluate the tools.
"Beware of vendors that tell you their systems can not only monitor and analyze security problems, but can resolve them as well," the report states. "Some of their claims may be true, but IT people who depend too heavily on technology for automated problem solving historically have been disappointed."
— Tim Wilson, Site Editor, Dark Reading