User:SecurityMeister
Work-related Articles
Here are some articles that I've found useful for work:
- SC Mag review of some useful security products to make my daily life easier
- InfoWorld article based on some good points
- Security event manager
- Security information management
- Comparison of network monitoring systems
SEM, SIEM, SIM - they're basically the same thing. In the information technology security field, the terms are used interchangeably. Splunk is cool because it's free, but it has limitations. Then you have some bigger players with more sophisticated and expensive products, such as ArcSight, LogLogic, NitroSecurity, Q1 Labs, RSA and TriGeo. The key thing to consider when evaluating any of these (other than price) is how far back you can look into your logs and how long it will take. If you have a security breach, you may not know about it for up to a month. So you may have to go through an entire month's worth of data to find the security risks and stop them - and quickly!