Study of the Enterprise Security Manager / Security Incident Manager (ESM / SIM)

  • Author(s) / Creator(s)
  • The Enterprise Security Manager / Security Incident Manager (ESM / SIM) solutions were developed to enhance security. They are also called Security Information and Event Management (SIEM) from the merge of Security Event Manager (SEM) and SIM products. Such products were developed in order to solve difficulties. These ones resided in the fact of handling logs data from heterogeneous and independent sources spread across the company.
    The idea was to collect and centralize data to process it using correlation methods, processes that could increase the detection of anomaly up to 35%. These operations save time and increase the accuracy of security alerts. The cost of data analysis was reduced by more than 50% by the ESM / SIM users. Also a Managed Security Services Provider company claimed that, its incident count decreased by 70%, its incident management labour decreased by 80% and the reporting time requirement decreased by 83%.
    Moreover, recent security laws, like the Sarbanes Oxley Act, led company to follow security compliances in order to provide evidence to business partners and stakeholders. The
    review of Security Information Management Tools article stated that through the three past years the SIM products gain ease of installation and use. Some products are bounded on
    systems or appliances which could encourage companies to try and install them. North American companies showed a strong interest on ESM / SIM solutions, 30% planned to
    implement such a solution in 2006.
    The following study will rely on brochures, demonstrations, datasheets and manuals describing the ESM / SIM solutions. Each section of the outline will describe a panel of available methods. The Open Source Security Information Management (OSSIM) solution will be used to see an ESM / SIM in action [6]. Some correlation rules and console outputs
    will be showed. It will provide an insight on the logs and alerts management and also on data correlation.

  • Date created
    2007-01-04
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-nshs-wh14
  • License
    Attribution-NonCommercial 4.0 International