Security Information Management Systems (SIMS)
The computer security industry is guilty of overhyping and underdelivering. Again and again, it tells customers that they must buy a certain product to be secure. Again and again, they buy the products -- and are still insecure.
Firewalls didnít keep out network attackers -- in fact, the notion of "perimeter" is severely flawed. Intrusion detection systems (IDSs) didn't keep networks safe, and worms and viruses do considerably damage despite the prevalence of antivirus products. It's in this context that I want to evaluate Security Information Management Systems, or SIMS, which promise to solve a serious network problem: log analysis.
By Bruce Schneier at Schneier.
[ Read more ]