Security staff: Don't book that vacation yet

There are promoters of security event management tools, and then there are skeptics such as META Group Inc. analyst Chris King.

"Potential users' ears prick up when vendors tell them that they can take all of the management problems those users have dealing with masses of security event data and make it just one data management problem," he said. "It's when they say they can do this magic thing called correlation when the conversation starts to go downhill."

The idea is that the tools will correlate information gathered from disparate security devices and search for patterns. Events that appear to be linked can be grouped together and brought to the security manager's attention for possible action.

Easier said than done, according to King. The problem, he said, is that you "can't exactly code for that. You can't put it into software."

A lot of the conversation about security event management tools right now is about correlation, and it's usually along the lines of "my technology is bigger than yours," he said. "Unfortunately, it's a technology without a business value right now."

There are many organizations where event log file consolidation will work fine right now, he believes. And anyway, most organizations don't have the processes in place to handle real-time event management.

"It would take massive and expensive customization for different organizations to get anything meaningful out of these tools," he said. "This is still a very immature space."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.