A checklist for buying a security event management system
To better protect themselves against the proliferation and wide range of network security threats, organizations are building more complex, device-laden security networks.
Today's network attacks are becoming more sophisticated, and it's increasingly difficult to distinguish actual attacks from normal traffic. Best practices dictate that event logs should be periodically reviewed in-depth, looking for anomalous events indicative of an attack or compromise, rather than waiting for it to become apparent in a catastrophic system failure. The process of extracting relevant information from network events is tedious and costly and often results in delayed incident response. It can be a real drain on IT organizations. In many companies where IT budgets are stretched thin, it's not being done at all.
By Raj Patel at Computerworld.
[ Read more ]