IBM SELM-NET-SEL-201 Manuale Utente
Security event and log management, therefore, delivers a holistic, end-to-end
overview of network security performance unavailable via any other means.
Given the large amount of data that must be analyzed as part of a security event
and log management solution, the key to an effective security event and log
management implementation is the rapid collection, collation and correlation
of event and log data so that:
overview of network security performance unavailable via any other means.
Given the large amount of data that must be analyzed as part of a security event
and log management solution, the key to an effective security event and log
management implementation is the rapid collection, collation and correlation
of event and log data so that:
• Critical events are easily and automatically separated from normal traffic
• Clear, concise reports are available in near real-time to help administrators
• Clear, concise reports are available in near real-time to help administrators
understand exactly what happened, why it happened, how it was repaired
(or not), and how to prevent similar events in the future
(or not), and how to prevent similar events in the future
• Security practices can be easily documented to demonstrate and prove
regulatory compliance
Most security event and log management products, however, are available
only as complex software offerings, and very few customers have the in-house
capability to rapidly adapt a security event and log management solution to
changes in IT infrastructure. The result? Security event and log management
solutions that only cover part of the broader security architecture frequently
lag behind changing network topologies and do not provide analysis for events
and logs until long after an incident had been isolated or resolved. In addition,
older security event and log management software solutions often struggle with
moving large numbers of events and log files without consuming huge amounts
of network bandwidth. These issues are the reasons why, despite the promise,
market acceptance of security event and log management remains somewhat
limited.
only as complex software offerings, and very few customers have the in-house
capability to rapidly adapt a security event and log management solution to
changes in IT infrastructure. The result? Security event and log management
solutions that only cover part of the broader security architecture frequently
lag behind changing network topologies and do not provide analysis for events
and logs until long after an incident had been isolated or resolved. In addition,
older security event and log management software solutions often struggle with
moving large numbers of events and log files without consuming huge amounts
of network bandwidth. These issues are the reasons why, despite the promise,
market acceptance of security event and log management remains somewhat
limited.
A service-based security event and log management offering might overcome
these challenges. Customers who choose to receive security event and
log management as a Web-based or managed service would gain the full
advantages of an in-house solution, but without the expense and complexity
of building a security event and log management infrastructure and without
the staffing overhead of 24x7x365 monitoring and skill training. In addition
to basic security event and log management functionality, this service-based
offering also would also include the ability to automatically sort relevant
information, compress that data and prioritize log transmission so that large,
but not urgent, files do not negatively impact network performance.
these challenges. Customers who choose to receive security event and
log management as a Web-based or managed service would gain the full
advantages of an in-house solution, but without the expense and complexity
of building a security event and log management infrastructure and without
the staffing overhead of 24x7x365 monitoring and skill training. In addition
to basic security event and log management functionality, this service-based
offering also would also include the ability to automatically sort relevant
information, compress that data and prioritize log transmission so that large,
but not urgent, files do not negatively impact network performance.
Security Event and Log Management Service
Page 3
Page 3