Selecting the Best Security Information Management Tool

By David Balaban posted 04-27-2016 14:06


IT specialists purchasing SIM tools need to concentrate on several important characteristics when examining and evaluating vendor offers.

As environments in which SIM systems will be implemented may vary, all IT supervisors searching for security information management products should ask themselves the following:

How exactly does the tool scale?

IT supervisors should count the devices from which they need to gather data and ask the supplier whether its solution can handle the resulting volume of log data.

Many SIM solutions state how many events per second they can capture, evaluate and store. Some require setting up multiple collection servers. Others may need supplemental storage volumes, or offer partner plans for archiving the raw log data. You have to be 100% sure the tool fits your network.

Does the SIM product contain log-management capabilities?

Compliance requirements can be either very specific or quite vague about how and for how long companies must retain log data. Since SIM systems already collect logs from the devices they monitor, it makes sense for them to also ensure that log data is managed and archived effectively and correctly.

Certain standards, such as the Payment Card Industry Data Security Standard, explicitly require log management and archiving. Others, such as the Sarbanes-Oxley Act, are more opaque, requiring only that companies establish the reliability and stability of business processes, which in practice means demonstrating that they monitor applications and infrastructure for inappropriate activity.

Is it compatible with other security-management products and solutions, databases or third-party equipment?

SIM systems will be essential elements of broader enterprise threat-management strategies. IT supervisors have to know whether the data collected by unified threat management, anti-malware and vulnerability-management solutions can be fed into the SIM's automated event-correlation and analysis engines.

Again, buyers should require suppliers to state exactly what types and volumes of data their security tools can collect and identify. IT supervisors should ask which third-party solutions the provider supports and whether a software development kit is available so customers can build their own integrations if necessary.

Will the SIM system create real-time alerts based on several compound events?

IT managers need to ask the vendor whether the SIM system can take diverse events and actions occurring across an environment and decide whether all or any of them match a known threat scenario.

IT managers must find out whether the SIM tool they intend to buy can recognize blended threats, in which elements of worms, malicious code, viruses and Trojans combine with server and browser vulnerabilities to launch and spread an attack. The SIM must be able to produce real-time alerts based on complex, nested conditions.
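As an added illustration (not part of the original post, and not any vendor's product), the following Python sketch shows what "nested conditions" means in practice: a small correlation rule that combines IDS, anti-malware and firewall events for the same host inside a five-minute window, and only raises an alert when the whole nested expression holds. The log format, source names, hosts, addresses, rule and window are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system).
# Format: timestamp|source|host|event|detail
SAMPLE_LOGS = """\
2016-04-27T14:00:01|ids|web01|exploit_attempt|browser exploit signature
2016-04-27T14:00:40|av|web01|malware_detected|Trojan.Generic
2016-04-27T14:02:10|fw|web01|outbound_conn|dst=203.0.113.9:4444
2016-04-27T14:03:00|av|db02|malware_detected|Eicar-Test-File
2016-04-27T14:30:00|fw|db02|outbound_conn|dst=198.51.100.7:443
2016-04-27T14:05:00|ids|web03|exploit_attempt|sql injection signature
"""

# A nested rule: (exploit attempt OR malware detection) AND a new outbound
# connection, all from the same host within WINDOW. Leaves are "source:event".
RULE = ("AND",
        ("OR", "ids:exploit_attempt", "av:malware_detected"),
        "fw:outbound_conn")
WINDOW = timedelta(minutes=5)  # assumed correlation window


def parse_line(line):
    """Split one constructed log line into a dict with a 'source:event' key."""
    ts, source, host, event, detail = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "source": source, "host": host,
            "event": event, "detail": detail, "key": f"{source}:{event}"}


def rule_matches(rule, keys):
    """Evaluate a nested AND/OR rule against the set of event keys seen."""
    if isinstance(rule, str):
        return rule in keys
    op, *subrules = rule
    results = (rule_matches(r, keys) for r in subrules)
    return all(results) if op == "AND" else any(results)


def correlate(lines, rule=RULE, window=WINDOW):
    """Replay log lines in time order, keeping a per-host sliding window of
    recent events, and emit one alert each time the rule becomes true."""
    events = sorted((parse_line(l) for l in lines.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    recent = defaultdict(deque)  # host -> events inside the window
    alerts = []
    for ev in events:
        q = recent[ev["host"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:  # age out old events
            q.popleft()
        if rule_matches(rule, {e["key"] for e in q}):
            alerts.append({"host": ev["host"], "ts": ev["ts"],
                           "evidence": [e["key"] for e in q]})
            q.clear()  # do not re-alert on the same evidence
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert["ts"].isoformat(), alert["host"], alert["evidence"])
```

Run against the sample, only web01 fires: db02 has both a malware detection and an outbound connection, but 27 minutes apart, and web03 has only the IDS hit. That gap between "two suspicious events somewhere" and "a chain of events on one host inside a window" is exactly what a buyer should ask the vendor's correlation engine to demonstrate.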

Does the SIM solution provide active-response functionality?

A more advanced SIM capability is active response: the system takes specific actions on the basis of the information it gathers. For example, if a remote user repeatedly fails to log in to a server with the wrong password, the security information management product may cut off all traffic to that server.

Active-response functionality must adhere to all company procedures. Since the automated steps a SIM takes to stop a data breach can take many servers offline and disrupt the network, it should not be treated as a cut-and-dried feature. For both internal and external attacks, the technology must know exactly where to cut off traffic and for how long. If you think you want it, active response is more challenging than it seems.
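To make those caveats concrete, here is an added Python example (not from the original post, and not any product's code) of the decision logic behind an active-response policy: a per-source failure threshold inside a time window, a block that expires on its own, a list of critical servers that are only ever alerted on rather than isolated, and a dry-run mode so the policy can be reviewed before it is allowed to enforce. The thresholds, server names, addresses and login events are constructed assumptions; the block returns action tuples that a real deployment would hand to a firewall or access-control enforcement point.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy parameters (constructed for the example).
THRESHOLD = 5                      # failures before responding
WINDOW = timedelta(minutes=2)      # failures must fall inside this window
BLOCK_TTL = timedelta(minutes=15)  # a block always expires
CRITICAL_SERVERS = {"dc01"}        # never auto-isolated: alert a human instead
BASE = datetime(2016, 4, 27, 14, 0, 0)


class ActiveResponder:
    """Decides block/alert/unblock actions from a stream of login events."""

    def __init__(self, dry_run=False):
        self.dry_run = dry_run
        self.failures = defaultdict(deque)  # (src, server) -> failure times
        self.blocks = {}                    # (src, server) -> expiry time
        self.actions = []                   # audit trail of every decision

    def _expire(self, now):
        """Lift blocks whose TTL has passed, recording the unblock."""
        for key, until in list(self.blocks.items()):
            if until <= now:
                del self.blocks[key]
                self.actions.append(("unblock", key[0], key[1], now))

    def is_blocked(self, src, server, now):
        self._expire(now)
        return (src, server) in self.blocks

    def handle(self, ev):
        """ev: {'ts', 'src', 'server', 'outcome'}; outcome is 'failure' or 'success'."""
        now = ev["ts"]
        self._expire(now)
        key = (ev["src"], ev["server"])
        if ev["outcome"] != "failure":
            self.failures.pop(key, None)  # a success resets the counter
            return None
        q = self.failures[key]
        q.append(now)
        while q and now - q[0] > WINDOW:   # keep only failures in the window
            q.popleft()
        if len(q) < THRESHOLD or key in self.blocks:
            return None
        if ev["server"] in CRITICAL_SERVERS or self.dry_run:
            action = ("alert", ev["src"], ev["server"], now)
        else:
            self.blocks[key] = now + BLOCK_TTL
            action = ("block", ev["src"], ev["server"], now)
        self.actions.append(action)
        q.clear()
        return action


def make_events():
    """Constructed login events: one burst against a file server, the same
    burst against a domain controller, and a user who mistyped a password."""
    events = []
    for i in range(6):
        events.append({"ts": BASE + timedelta(seconds=10 * i),
                       "src": "198.51.100.23", "server": "fs01", "outcome": "failure"})
    for i in range(6):
        events.append({"ts": BASE + timedelta(seconds=10 * i),
                       "src": "198.51.100.23", "server": "dc01", "outcome": "failure"})
    for i in range(3):
        events.append({"ts": BASE + timedelta(seconds=30 * i),
                       "src": "203.0.113.5", "server": "fs01", "outcome": "failure"})
    events.append({"ts": BASE + timedelta(seconds=100),
                   "src": "203.0.113.5", "server": "fs01", "outcome": "success"})
    return sorted(events, key=lambda e: e["ts"])


def run(dry_run=False):
    responder = ActiveResponder(dry_run)
    for ev in make_events():
        responder.handle(ev)
    return responder


def blocked_after(responder, src, server, minutes):
    """Ask whether a block is still in force `minutes` after BASE."""
    return responder.is_blocked(src, server, BASE + timedelta(minutes=minutes))


if __name__ == "__main__":
    for action in run().actions:
        print(action)
```

Replaying the constructed events, the burst against fs01 is blocked, the identical burst against dc01 only produces an alert, and the user with three typos followed by a success triggers nothing. The TTL and the dry-run flag are the parts that usually get skipped in a demo, and they are what keep an automated response from quietly turning into an outage.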