As information security technology evolves and our infosec tool belts get heavier, most veteran practitioners find themselves longing for smarter--not more--tools. Sure, we have antivirus gateways, in-line content filters, firewalls, scanners, biometric devices, crypto suites and intrusion-detection systems. And we pump thousands--if not millions--of dollars into technology-enabled solutions to our technology-created problems.. . .
As information security technology evolves and our infosec tool belts get heavier, most veteran practitioners find themselves longing for smarter--not more--tools. Sure, we have antivirus gateways, in-line content filters, firewalls, scanners, biometric devices, crypto suites and intrusion-detection systems. And we pump thousands--if not millions--of dollars into technology-enabled solutions to our technology-created problems. But try as we might, the Slammers, Blasters and Welchias of cyberspace still tear through our networks like meteors on a collision course. Inundated network defenders may be forgiven for asking, Are the problems getting tougher, or are our "solutions" just not enough, or both?

So you can imagine our excitement when we discovered products designed to take existing technology and make it work smarter. When we first turned our sights on the SIM (security information management) market a year and a half ago (see "netForensics Leads a Weary Fleet,"), we had high hopes.

SIM vendors enticed us with claims that by centralizing logs, using database and visualization tools, and correlating security device and system logs, defenders could decrease workloads and increase efficiency. Who could resist?

Last year's testing, however, told a different story. We found first-generation SIM systems incredibly difficult to deploy, and they delivered only a few pieces of the big picture.

This year, we went into our testing a little less optimistic, a lot wiser and more prepared. When we asked ArcSight, e-Security, GuardedNet, Intellitactics, netForensics, NetIQ, Network Intelligence and OpenService to send products to our labs, NetIQ declined to participate in our tests, and OpenService couldn't get us product in time, so we ended up with six SIM systems to test.

The link for this article located at SecurityPipeline is no longer available.