Best of 2006: Event management

The key tasks of security information management (SIM) and security event management (SEM) systems are to gather data; normalize data; correlate events (eliminate duplicates and check for patterns); respond appropriately; and learn. These systems must also be able to review security events generated by disparate devices; allow correlation of those events with business criticality ratings and external threats; present the information on a dashboard that allows real-time analysis, prioritization and risk reporting; enable policy and regulatory compliance; and improve management of security resources.

It turns out that several things can make a SIM/SEM offering unique. The first is the ease with which the product can be deployed and used. On the surface, these products are very straightforward to implement.

Another differentiator is price. Some of the software products are priced deceptively low; "deceptively," because you need to take into account the cost of hardware, which can include multiple platforms, an external database if the product does not accept a free one such as MySQL, and the expense of deployment resources.

A final differentiator is performance. We found that while the appliances gave us a lot of good information, the software products were a lot more versatile. That flexibility comes with a downside, of course: the software products are more laborious to implement than the appliances.

TriGeo SIM 
Vendor: TriGeo Network Security 
Verdict: One of the few products we've tested over the years that actually lives up to its hype.

Vendor: High Tower Software 
Verdict: A top-drawer SEM product. It is powerful, flexible and packed with features.
