Requirements For Managing Security Information Overload

Requirements For Managing Security Information Overload (PDF, 1.88MB)

Published: 08 Aug, 2003
Created by: Sridhar Juvvadis

With each high-profile security attack, enterprises have reacted with corresponding measures to mitigate that threat. For example, firewalls have been deployed to tighten perimeter security, Intrusion Detection Systems (IDS) have been installed to detect network- and host-based intrusions, and Anti-Virus (AV) solutions have been deployed to combat worms and viruses. Each of these solutions has its own distinct event and alarm reporting mechanism. Typically, the large volume of these notifications can quickly overwhelm security administrators, and if the alerts are not investigated and acted upon, the attacks behind them can damage core assets. Hence, it is essential to have a comprehensive security information management strategy. To address the Enterprise Security Information Management (ESIM) problem, a number of emerging solutions have been developed. Before an enterprise adopts a particular solution, it is important to have a complete understanding of its specific requirements and their priority. This paper discusses the important criteria in developing an information management solution. These requirements can be used as a guideline for a comprehensive evaluation of the various solutions.