Critical Capabilities for Security Information and Event Management Technology 2009
  • Introduction
    • SIM provides log management — the collection, reporting and analysis of log data (primarily from host systems and applications, and secondarily from network and security devices) — to support regulatory compliance reporting, internal threat management and resource access monitoring. SIM supports the privileged user and resource access monitoring activities of the IT security organization, and the reporting needs of the internal audit and compliance organizations.

    • SEM processes log and event data from security devices, network devices, systems and applications in real time to provide security monitoring, event correlation and incident response. SEM supports the external and internal threat monitoring activities of the IT security organization, and improves incident management capabilities.

    Common Core Capabilities

    • Event and data collectors
    • Filtering options at the source
    • Correlation
    • Event normalization and taxonomy
    • Scalable architecture and deployment flexibility
    • Deployment and support simplicity
Attachment download
  • Gartner_Crit_Cap_2009.pdf