How to manage intrusion data

Related Links

Spotting mischief

Agencies that want to implement an intrusion-detection solution must come up with a way to integrate all the monitoring data that is collected.

Getting a clear picture of an attacker or someone accessing resources without authorization requires an integrated approach. There are basically three ways to do this.

* First, you might consider a hybrid solution such as Internet Security Systems Inc.'s RealSecure because it collects both network- and host-related data and you won't have to integrate both datasets to see the full picture.

* Second, you might have your administrator configure both your network- and host-based tools to tap the same data source. Alternatively, you could run a routine or script at certain intervals that harvests various security collection data sources and outputs the information to a single database.

* Third, you might use a system management tool, such as Hewlett-Packard Co.'s OpenView to manage the datasets. This, too, might require some additional configuration and would require the added cost of a system management solution if you don't already have one in place.

Featured

  • Elections
    voting security

    'Unprecedented' challenges to safe, secure 2020 vote

    Our election infrastructure is bending under the stress of multiple crises. Administrators say they are doing all they can to ensure it doesn't break.

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.