Reporting standard for SIM needs to be adopted

August 23, 2006 // Posted in Security, Security Management  

You’ve got anywhere from six to 60 security applications and tools in your data center, and most of them work pretty well. There’s just one problem: None of them speak the same language.

ArcSight today attacked that problem by proposing a new log management standard, the Common Event Format, that could enable security devices and applications to present and exchange event data in a common way. The net result: Security managers might soon be able to analyze security incidents from a single screen, without plowing through event logs and data on a dozen different apps or appliances.

Amen brother. SIMs were supposed to fix so many problems by pulling logs together and alerting on them. But so many devices that spit out syslog messages use different formats, and then the SIM vendor has a choice: either partner with every security vendor out there, or partner with a few but accept syslog and make you create your own alerts. Something needs to happen, and badly. This is one of the reasons security management outsourcing is becoming so popular.

Vet
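As an added illustration of the normalisation step the post says a SIM vendor is stuck doing today (this is not code from the post or from ArcSight), two constructed syslog lines in different, fictional vendor formats are mapped into the CEF header and extension layout that ArcSight published for the format (the post itself does not describe it). The vendor and product names, the regexes and the sample lines are all assumptions made for the example.

```python
import re

# Constructed syslog lines in two different (fictional) vendor formats; not real device output.
SAMPLE_LOGS = [
    "Aug 23 10:58:01 fw01 filterd: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22",
    "Aug 23 10:58:03 ids01 alertd[1337]: [1:2001219:1] Potential SSH scan {TCP} 192.0.2.10:4444 -> 198.51.100.5:22",
    "Aug 23 10:58:05 app01 webd: unrecognised message format",
]

HEADER_FIELDS = ("vendor", "product", "version", "sig_id", "name", "severity")

def escape_header(value):
    # Pipe and backslash are the reserved characters in the CEF header.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def escape_extension(value):
    # Backslash and '=' are reserved in extension values; newlines are written as \n.
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def to_cef(header, extension):
    """Serialise one event as CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ..."""
    head = "|".join(escape_header(header[f]) for f in HEADER_FIELDS)
    tail = " ".join(f"{k}={escape_extension(v)}" for k, v in extension.items())
    return f"CEF:0|{head}|{tail}"

# One regex per source format (hypothetical); a real collector carries one per device type.
FW_RE = re.compile(r"filterd: (?P<action>\w+) IN=(?P<iface>\S+) SRC=(?P<src>\S+) "
                   r"DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")
IDS_RE = re.compile(r"alertd\[\d+\]: \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \{(?P<proto>\w+)\} "
                    r"(?P<src>[\d.]+):(?P<spt>\d+) -> (?P<dst>[\d.]+):(?P<dpt>\d+)")

def normalize(line):
    """Map a raw syslog line to a CEF string; return None if no parser recognises it."""
    m = FW_RE.search(line)
    if m:
        header = dict(vendor="ExampleCo", product="filterd", version="1.0",
                      sig_id=m["action"], name=f"packet {m['action'].lower()}", severity=3)
        ext = dict(src=m["src"], dst=m["dst"], proto=m["proto"], dpt=m["dpt"],
                   act=m["action"], deviceInboundInterface=m["iface"])
        return to_cef(header, ext)
    m = IDS_RE.search(line)
    if m:
        header = dict(vendor="ExampleCo", product="alertd", version="2.0",
                      sig_id=m["sid"], name=m["msg"], severity=5)
        ext = dict(src=m["src"], spt=m["spt"], dst=m["dst"], dpt=m["dpt"], proto=m["proto"])
        return to_cef(header, ext)
    return None  # unknown format: the SIM is back to raw syslog and hand-built alerts
```

Once both sources emit the same `src`/`dst`/`dpt` keys, a single correlation rule (say, one source hitting port 22 on the same host across firewall and IDS) can run over both without per-vendor parsing.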

This entry was posted on August 23, 2006 at 11:09 am and is filed under Security, Security Management.