SIM tools (2005)

Today’s busy security or network administration manager has many tools to choose from in order to watch over their IT estate.

There are tools to help discover inventory; tools that check compliance with known policies; tools that manage security or other updates; tools that identify vulnerabilities; and tools that aspire to do all these things and more.

There are also various tools that are freely available under the open-source banner and vendor-specific tools available from hardware manufacturers. Indeed, there are more tools out there than you can shake a stick at.

Furthermore, within a typical organizational infrastructure it is quite possible that different departments use a range of tools: some focused on specific tasks, some legacy tools and, perhaps, some adopted to perform tasks not previously considered pertinent.

Such a situation can create a scenario where we start to suffer from a surfeit of information, some of which might be contradictory in its detail or prioritization. The administrator must sift through this information and decide what is most pertinent and urgent. They will also wish to be able to create consistent-looking reports around events and other information. In short, they could do with a tool that can consolidate information from various sources and provide a coherent overall perspective, together with intuitive report generation and logging facilities.

Such tools do of course exist, often under the banner of “security information management” (SIM), “security event management” (SEM), “incident monitoring,” “log management,” or other such terms. The situation might seem confusing at first, but a closer appraisal should help you to understand whether a particular tool can support your overall goals. Consequently, in this group test, we examined a variety of tools that provide such capabilities.

What we hoped to find were capabilities that helped us provide a coherent view of the network and its activities, together with the ability to present such information quickly and in an intuitive manner.

We also looked for tools that provide an audit trail and reporting facilities, and that could also interface with existing tools where appropriate.

Such tools should facilitate the creation of an enterprise “security control center,” where connected assets can be monitored and assessed for vulnerability and associated risk, followed by remedial action where appropriate.

For this, you need good and pertinent information that can be filtered according to your own parameters in order to provide the intelligence you need in a timely manner. So it follows that such a tool should also be intuitive and easy to use, and capable of interfacing with a variety of tools and devices on your network.
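The consolidation and filtering described above (and the integration of scanner and intrusion-detector output mentioned in the conclusion) is, at its core, a normalization problem: each source speaks its own format and severity scale, and the tool must map them onto one record shape before anything can be compared, filtered or reported. The following is an added example written for this article, not code from any of the products under test. The CSV and syslog-style formats, field names, signature ids, addresses and severity words are all constructed for the illustration.

```python
"""Minimal event consolidation of the kind a SIM/SEM tool performs.

Two constructed inputs stand in for the outputs of existing tools:
a vulnerability scanner exporting CSV and an intrusion detector
writing syslog-style lines. Both are normalized into one record shape,
filtered by a caller-supplied severity threshold, and rolled up per asset.
Every format, field name and sample line here is constructed for this
illustration; none is a real product's export format.
"""
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample: vulnerability scanner CSV export (hypothetical format)
SCANNER_CSV = """host,plugin,severity,summary
10.0.0.5,12345,high,Outdated SSH server version
10.0.0.5,12346,low,ICMP timestamp response
10.0.0.9,12347,critical,Unpatched web framework
"""

# Constructed sample: IDS syslog-style lines (hypothetical format); one line is deliberately malformed
IDS_LOG = """Mar 12 10:01:02 ids1 alert[3]: sig=2001219 src=192.168.1.20 dst=10.0.0.5 msg="Potential SSH brute force"
Mar 12 10:02:17 ids1 alert[1]: sig=2100498 src=192.168.1.21 dst=10.0.0.7 msg="Policy violation: IRC"
Mar 12 10:02:40 ids1 garbage line that does not parse
Mar 12 10:03:05 ids1 alert[4]: sig=2010935 src=192.168.1.22 dst=10.0.0.9 msg="Web application exploit attempt"
"""

# Common severity scale (0-4) so events from different sources can be compared and filtered together
SEVERITY_WORDS = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
SEVERITY_NAMES = {v: k for k, v in SEVERITY_WORDS.items()}


@dataclass(frozen=True)
class Event:
    source: str      # which tool produced the event
    asset: str       # the host the event concerns
    severity: int    # normalized 0-4
    kind: str        # "vulnerability" or "alert"
    summary: str


def parse_scanner_csv(text):
    """Map scanner rows to Events; an unknown severity word is treated as 'info'."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        sev = SEVERITY_WORDS.get(row["severity"].strip().lower(), 0)
        events.append(Event("scanner", row["host"], sev, "vulnerability", row["summary"]))
    return events


IDS_RE = re.compile(
    r'alert\[(?P<prio>\d)\]: sig=(?P<sig>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) msg="(?P<msg>[^"]*)"'
)


def parse_ids_log(text):
    """Map IDS alert lines to Events keyed on the destination asset.

    In this constructed format the IDS priority is already on a 0-4 scale, so
    it is used directly. Lines that do not match are skipped and counted so the
    report can show how much input was not understood rather than silently lost.
    """
    events, skipped = [], 0
    for line in text.splitlines():
        m = IDS_RE.search(line)
        if not m:
            if line.strip():
                skipped += 1
            continue
        events.append(Event("ids", m["dst"], int(m["prio"]), "alert", m["msg"]))
    return events, skipped


def consolidate(min_severity=0):
    """Merge both sources, keep events at or above the threshold, most severe first."""
    scanner = parse_scanner_csv(SCANNER_CSV)
    ids, skipped = parse_ids_log(IDS_LOG)
    merged = [e for e in scanner + ids if e.severity >= min_severity]
    merged.sort(key=lambda e: e.severity, reverse=True)
    return merged, skipped


def report(min_severity=0):
    """Per-asset roll-up: how many events were kept and the worst severity seen."""
    events, skipped = consolidate(min_severity)
    per_asset = {}
    for e in events:
        count, worst = per_asset.get(e.asset, (0, 0))
        per_asset[e.asset] = (count + 1, max(worst, e.severity))
    return {
        "events": len(events),
        "unparsed_lines": skipped,
        "assets": {a: {"count": c, "worst": SEVERITY_NAMES[w]} for a, (c, w) in per_asset.items()},
    }


if __name__ == "__main__":
    for e in consolidate(min_severity=3)[0]:
        print(f"{SEVERITY_NAMES[e.severity]:<9}{e.source:<9}{e.asset:<11}{e.summary}")
    print(report(min_severity=3))
```

Two design points carry over to real deployments. First, the severity mapping is the place where contradictory prioritization between tools (the "surfeit of information" described earlier) is reconciled, so it should be explicit and reviewable rather than buried in parser code. Second, counting unparsed lines matters: a consolidated view that silently drops what it cannot understand gives false confidence, whereas a visible "unparsed" figure tells the administrator when a source's format has changed.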

Our candidates for this test include both software- and hardware-based products, which offer subtly different approaches and functions. This makes direct comparison a little more complex, although the reader should nevertheless gain a good idea of what’s on offer.

Do these tools deliver on their promises? Do they really provide an enhancement in real terms over and above tools that you might already be using? What will it take to implement them? How easy are they to set up and use? Will you need to deploy additional resources? Should you be going down this route at all?

Naturally, everyone’s situation is a little different and much will depend on the capabilities you already have in this area. However, there is no doubt that the tools evaluated here can definitely bring some extremely useful functionality to the enterprise.

We found them all quite capable from a broad perspective, while the details of presentation and configuration vary. Being able to see your IT infrastructure, its potential vulnerabilities and events intuitively from a central location undoubtedly enables a deeper understanding as well as the ability to respond to threats in a timely manner.

The tools evaluated here can all be used to help provide you with this comprehensive perspective, partly in a standalone fashion and partly by integrating the outputs of existing tools, such as vulnerability scanners or intrusion detectors.

Clearly, any organization with significant IT assets distributed across networks should be aware of such tools and the capabilities which they could provide.

SC Magazine gives you a head start in this respect, so read on and discover how the tools tested might assist you in your quest for a secure and stable network.
