Security staff - don't book that vacation yet
There are promoters of security event management tools, and then there are skeptics such as META Group Inc. analyst Chris King.
"Potential users' ears prick up when vendors tell them that they can take all of the management problems those users have dealing with masses of security event data and make it just one data management problem," he said. "It's when they say they can do this magic thing called correlation when the conversation starts to go downhill."
The idea is that the tools will correlate information gathered from disparate security devices and search for patterns. Events that appear to be linked can be grouped together and brought to the security manager's attention for possible action.
Easier said than done, according to King. The problem, he said, is that you "can't exactly code for that. You can't put it into software."
[ Read more ]