Written by David Torre
Page 1 of 3
A New Way to Analyze Security Data
First off, allow me to preface this article with the disclaimer that this is not a concrete roadmap or "HOWTO" on building unified monitoring systems. Instead, consider it an informal request for comments, food for thought if you will, which I hope cultivates ideas for solving a very complex problem: managing mind-numbing amounts of network and security data and, ultimately, making sense of it all.
Given a typical enterprise data center, you are sure to find vast assortments of mixed equipment. Firewalls, routers, and switches are of course among the usual suspects, and riding atop this digital highway are countless servers, clients, and other hardware devices. Add software and services to the mix, and you have the familiar IT infrastructure we've all grown accustomed to managing.
Established Information Security Data
Within our heterogeneous galaxy lies one universal constant: operational data. No, I'm not referring to TPS reports or widget inventory levels. I'm talking about data generated by the IT infrastructure itself. Within even mid-sized organizations you are likely to find at least a half dozen different forms of operational data, including:
- Syslogs
- IDS Logs
- SNMP
- Environmental Data
- NetFlows
- DLP Incidents
- AAA Logs
- Patch Status
- Firewall Logs
- IDS Events
- Vulnerability Data
- Service Health
Collecting and consolidating various flavors of operational data under a single, unified umbrella of management is nothing new. However, the practice of correlating all this complex data is still evolving. While log correlators and security information and event management (SIEM) vendors claim to have "solved" this problem, I beg to differ. Don't get me wrong, SIEMs are superb devices and have their place in the data center. But while SIEMs are the best technology we have to work with today, most of them are tailored to a fixed set of functionality. These proprietary, purpose-built appliances leave little room for customization beyond what ships out of the box.
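As an added example (not code from the article, and not any product's logic), here is a small Python sketch of the normalize-then-correlate step the paragraph describes: a few constructed log lines in simplified syslog, firewall, and IDS formats are mapped into one event schema, and an address that appears in at least two distinct feeds within a short window is flagged. The log formats, field names, category labels, and the two-feed/five-minute thresholds are assumptions chosen for illustration, not a real vendor schema or a tuned detection rule.

```python
"""Normalize heterogeneous security logs into one schema and correlate across feeds.

Added example for illustration only; the line formats below are simplified
stand-ins for syslog, firewall, and IDS output and every sample line is
constructed, not captured from a real system.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines: an SSH auth failure, a firewall deny, and an IDS
# alert all involving the same source address, plus one unrelated success.
SAMPLE_LOGS = [
    "2010-05-03T06:01:02 host1 sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "2010-05-03T06:01:10 fw1 kernel: DENY src=203.0.113.7 dst=10.0.0.5 dport=445 proto=tcp",
    "2010-05-03T06:01:30 ids1 ids: ALERT signature=ssh_bruteforce src=203.0.113.7 dst=10.0.0.5",
    "2010-05-03T06:02:00 host2 sshd[2345]: Accepted publickey for alice from 10.0.0.9 port 40000 ssh2",
]

# Assumed generic framing: "<iso-timestamp> <host> <program>[pid]: <message>".
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
AUTH_OK_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
KV_RE = re.compile(r"(\w+)=(\S+)")  # key=value pairs used by the fw/IDS stand-ins


@dataclass(frozen=True)
class Event:
    """Common schema every feed is normalized into (field set is an assumption)."""
    ts: datetime
    source: str            # which feed produced it: syslog, firewall, ids
    host: str
    src_ip: str | None
    dst_ip: str | None
    category: str          # auth_failure, auth_success, fw_deny, ids_alert, other
    message: str


def parse_line(line: str) -> Event | None:
    """Map one raw line onto the Event schema; return None for unparseable input."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"])
    host, prog, msg = m["host"], m["prog"], m["msg"]
    if prog == "sshd":
        fm = AUTH_FAIL_RE.search(msg)
        if fm:
            return Event(ts, "syslog", host, fm["ip"], None, "auth_failure", msg)
        om = AUTH_OK_RE.search(msg)
        if om:
            return Event(ts, "syslog", host, om["ip"], None, "auth_success", msg)
        return Event(ts, "syslog", host, None, None, "other", msg)
    kv = dict(KV_RE.findall(msg))
    if prog == "kernel" and msg.startswith("DENY"):
        return Event(ts, "firewall", host, kv.get("src"), kv.get("dst"), "fw_deny", msg)
    if prog == "ids":
        return Event(ts, "ids", host, kv.get("src"), kv.get("dst"), "ids_alert", msg)
    return Event(ts, "syslog", host, kv.get("src"), kv.get("dst"), "other", msg)


def normalize(lines: list[str]) -> list[Event]:
    """Parse every line, silently dropping ones no parser understands."""
    return [ev for ev in (parse_line(l) for l in lines) if ev is not None]


def correlate(events: list[Event], window: timedelta = timedelta(minutes=5),
              min_sources: int = 2) -> dict[str, set[str]]:
    """Return {src_ip: feeds} for addresses seen in >= min_sources distinct
    feeds inside any `window`-sized span.  One feed firing is routine noise;
    the same address in an auth failure, a firewall deny and an IDS alert
    within minutes is the cross-feed pattern a SIEM exists to surface."""
    by_ip: dict[str, list[Event]] = defaultdict(list)
    for ev in events:
        if ev.src_ip:
            by_ip[ev.src_ip].append(ev)
    findings: dict[str, set[str]] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        best: set[str] = set()
        start = 0
        for end in range(len(evs)):            # sliding window over sorted events
            while evs[end].ts - evs[start].ts > window:
                start += 1
            feeds = {e.source for e in evs[start:end + 1]}
            if len(feeds) > len(best):
                best = feeds
        if len(best) >= min_sources:
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, feeds in correlate(normalize(SAMPLE_LOGS)).items():
        print(f"{ip}: seen in {sorted(feeds)}")
```

The point of the schema is that the correlation rule never touches a vendor format: once `parse_line` has done its job, adding a fourth feed (NetFlow, DLP, AAA) is a new parser, not a new rule, which is exactly the extensibility the paragraph finds lacking in closed appliances.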
Last Updated on Monday, 03 May 2010 06:05