Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Security Pros Wrestle With Data Overload

Rapid growth in security is creating a growth market for security information management (SIM) tools, according to a new Dark Reading report

First, the good news: IT administrators have a ton of data about information security. The bad news, of course, is that IT administrators have a ton of data about information security.

The proliferation of events and alerts from a wide variety of security systems, services, and applications is causing headaches for IT administrators and stirring a growth market for security information management tools, according to a new report from Dark Reading.

The report, entitled "Security Information Management: Who's Doing What," suggests that the growth of log event data, security application alerts, and other "events" on the network is making it difficult for security administrators to find the root cause of security violations.

"At the same time, the emergence of new legal and regulatory requirements for IT, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, have also placed new challenges on today’s security administrators," the report observes. "These regulations require IT organizations not only to limit access to sensitive investment-related information and private customer data, but also to prove to auditors that these access controls are properly deployed and fully operational."

The combination of security information overload and regulatory requirements is driving a new market for SIM tools that collect and correlate data from all quarters of the security environment, including traditional IT systems, storage devices, mobile technology, and service providers' customer premises equipment, the report states.

"At their most basic level, SIM tools are data collectors that extract security-related information from other applications and then normalize the data so that it can be stored, viewed, and analyzed by a single system. They help to eliminate the 'swivel chair' approach to security problem resolution, which forces technicians to examine dozens of different consoles and applications and then correlate the information manually in order to postulate the source of the problem and potential methods of resolving it."

Because SIM technology is still emerging, there's no template for product functionality or performance. The report provides details on currently available SIM products, and provides recommendations on how to evaluate the tools.

"Beware of vendors that tell you their systems can not only monitor and analyze security problems, but can resolve them as well," the report states. "Some of their claims may be true, but IT people who depend too heavily on technology for automated problem solving historically have been disappointed."

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...
CVE-2021-1071
PUBLISHED: 2021-01-26
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to...
CVE-2020-23774
PUBLISHED: 2021-01-26
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
CVE-2020-23776
PUBLISHED: 2021-01-26
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.
CVE-2021-3309
PUBLISHED: 2021-01-26
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,