How to manage intrusion data

Agencies that want to implement an intrusion-detection solution must come up with a way to integrate all the monitoring data that is collected.

Getting a clear picture of an attacker or someone accessing resources without authorization requires an integrated approach. There are basically three ways to do this.

* First, you might consider a hybrid solution such as Internet Security Systems Inc.'s RealSecure because it collects both network- and host-related data and you won't have to integrate both datasets to see the full picture.

* Second, you might have your administrator configure both your network- and host-based tools to tap the same data source. Alternatively, you could run a routine or script at certain intervals that harvests various security collection data sources and outputs the information to a single database.

* Third, you might use a system management tool, such as Hewlett-Packard Co.'s OpenView to manage the datasets. This, too, might require some additional configuration and would require the added cost of a system management solution if you don't already have one in place.