Security information management

Security information management (SIM) is the industry-specific term in computer security referring to the collection of data (typically log files; e.g. eventlogs) into a central repository for trend analysis.^[1] SIM products generally comprise software agents running on the computers that are to be monitored, communicating with a centralized server acting as a "security console", sending it information about security-related events, which displays reports, charts, and graphs of that information, often in real time. Some software agents can incorporate local filters, to reduce and manipulate the data that they send to the server, although typically from a forensic point of view you would collect all audit and accounting logs to ensure you can recreate a security incident.

The security console is monitored by a human being, who reviews the consolidated information, and takes action in response to any alerts issued.^[2][3]

The data that is sent to the server, to be correlated and analyzed, are normalized by the software agents into a common form, usually XML. Those data are then aggregated, in order to reduce their overall size.^[2][3]

The terminology can easily be mistaken as a reference to the whole aspect of protecting one's infrastructure from any computer security breach. Due to historic reasons of terminology evolution; SIM refers to just the part of information security which consists of discovery of 'bad behavior' by using data collection techniques. The term commonly used to represent an entire security infrastructure that protects an environment is commonly called information security management (InfoSec).

Security information management is also referred to as Log Management and is different than SEM (security event management), but makes up a portion of a SIEM (security information and event management) solution.^[4]

Most famous editors and solutions in the SIM/SEM Marketplace^[5] · ^[6] · ^[7]

• Alcatel-Lucent OA Safeguard
• Araknos Akab2
• BlackStratus Netforensics
• Cisco Cisco Security Manager
• Correlog Correlog Solution Suite
• CS Prelude/Vigilo
• EMC2 RSA Security
• HP ArcSight
• LogLogic Enterprise Virtual Appliance (formerly Exaprotect)
• LogRhythm SIEM 2.0 Security Intelligence
• NetIQ Security Manager
• NitroSecurity McAfee Enterprise Security Manager
• Novell Sentinel
• Q1 Labs Qradar (an IBM Company)
• SenSage Advanced SIEM and Log Management
• Splunk Splunk
• Symantec Security Information Manager
• TrustWave Intellitactics Security Manager for SIEM

References

1. J.L. Bayuk (2007). Stepping Through the InfoSec Program. ISACA. p. 97. 
2. John Wylder (2004). Strategic Information Security. CRC Press. p. 172. ISBN 0-8493-2041-0.  More than one of |isbn13= and |isbn= specified (help)
3. Cyrus Peikari and Anton Chuvakin (2004). Security Warrior. O'Reilly. pp. 421–422. ISBN 0-596-00545-8.  More than one of |isbn13= and |isbn= specified (help)
4. http://securityinformationeventmanagement.com/ Understanding SIEM
5. Gartner Magic Quadrant May 2008
6. Gartner Magic Quadrant May 2010
7. Gartner Magic Quadrant May 2011

See also

• Information security
• Information security management
• Information security management system
• Security Information and Event Management
• Security event manager