How to manage intrusion data

Related Links

Spotting mischief

Agencies that want to implement an intrusion-detection solution must come up with a way to integrate all the monitoring data that is collected.

Getting a clear picture of an attacker or someone accessing resources without authorization requires an integrated approach. There are basically three ways to do this.

* First, you might consider a hybrid solution such as Internet Security Systems Inc.'s RealSecure because it collects both network- and host-related data and you won't have to integrate both datasets to see the full picture.

* Second, you might have your administrator configure both your network- and host-based tools to tap the same data source. Alternatively, you could run a routine or script at certain intervals that harvests various security collection data sources and outputs the information to a single database.

* Third, you might use a system management tool, such as Hewlett-Packard Co.'s OpenView to manage the datasets. This, too, might require some additional configuration and would require the added cost of a system management solution if you don't already have one in place.

Featured

  • Federal 100 Awards
    Federal 100 logo

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

Stay Connected