Security staff: Don't book that vacation yet
- By Brian Robinson
- Jul 14, 2003
There are promoters of security event management tools, and then there are skeptics such as META Group Inc. analyst Chris King.
"Potential users' ears prick up when vendors tell them that they can take all of the management problems those users have dealing with masses of security event data and make it just one data management problem," he said. "It's when they say they can do this magic thing called correlation when the conversation starts to go downhill."
The idea is that the tools will correlate information gathered from disparate security devices and search for patterns. Events that appear to be linked can be grouped together and brought to the security manager's attention for possible action.
Easier said than done, according to King. The problem, he said, is that you "can't exactly code for that. You can't put it into software."
A lot of the conversation about security event management tools right now is about correlation, and it's usually along the lines of "my technology is bigger than yours," he said. "Unfortunately, it's a technology without a business value right now."
There are many organizations where event log file consolidation will work fine right now, he believes. And anyway, most organizations don't have the processes in place to handle real-time event management.
"It would take massive and expensive customization for different organizations to get anything meaningful out of these tools," he said. "This is still a very immature space."
Brian Robinson is a freelance writer based in Portland, Ore.