Security Management: Making Sense Of Events
by Christopher M. King
Posted: 01/15/2002
Abstract:
The typical large enterprise is routinely inundated with security-related alerts from heterogeneous security devices (intrusion detection systems, firewalls, VPN gateways and platforms). Network security managers are awakened at all hours by various events that seem to demand their immediate attention. These managers find themselves attempting to manually inspect or decipher reports of security anomalies from amid the reams of logs generated by their organization's array of security devices—an impossible task.
To make sense of all this information, security managers need an operational view of the security health of the enterprise. This article looks at strategies to properly alert, categorize and react to security events as they occur.
This article is reproduced by special arrangement with our partner, Business Communications Review.
http://www.webtorials.com/main/resource/papers/BCR/paper16.htm