Archive for August 23rd, 2006

Reporting standard for SIM needs to be adopted

August 23rd, 2006 Michael Farnum

You’ve got anywhere from six to 60 security applications and tools in your data center, and most of them work pretty well. There’s just one problem: None of them speak the same language.

ArcSight today attacked that problem by proposing a new log management standard, the Common Event Format, that could enable security devices and applications to present and exchange event data in a common way. The net result: Security managers might soon be able to analyze security incidents from a single screen, without plowing through event logs and data on a dozen different apps or appliances.

Amen brother.  SIMs were supposed to fix so many problems by pulling logs together and alerting on them.  But so many devices that spit out syslog messages use different formats, and then the SIM vendor has a choice: either partner with every security vendor out there, or partner with a few but accept syslog and make you create your own alerts.  Something needs to happen, and badly.  This is one of the reasons security management outsourcing is becoming so popular.

Vet

Some transition happening

August 23rd, 2006 Michael Farnum

Just to let all my thousands (yeah, right) of loyal readers know, I am going through some transition right now.  I will explain more fully later, but that is the reason I have not been posting this week (and the fact that I am preparing for our annual audit here at work).  I hope to get some time this week to look at the news more closely and develop some opinions (developing opinions is not too difficult for me, as you may well know).

Vet

Categories: Blogging, Me