Security Pros Wrestle With Data Overload

Rapid growth in security is creating a growth market for security information management (SIM) tools, according to a new Dark Reading report

First, the good news: IT administrators have a ton of data about information security. The bad news, of course, is that IT administrators have a ton of data about information security.

The proliferation of events and alerts from a wide variety of security systems, services, and applications is causing headaches for IT administrators and stirring a growth market for security information management tools, according to a new report from Dark Reading.

The report, entitled "Security Information Management: Who's Doing What," suggests that the growth of log event data, security application alerts, and other "events" on the network is making it difficult for security administrators to find the root cause of security violations.

"At the same time, the emergence of new legal and regulatory requirements for IT, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, has also placed new challenges on today’s security administrators," the report observes. "These regulations require IT organizations not only to limit access to sensitive investment-related information and private customer data, but also to prove to auditors that these access controls are properly deployed and fully operational."

The combination of security information overload and regulatory requirements is driving a new market for SIM tools that collect and correlate data from all quarters of the security environment, including traditional IT systems, storage devices, mobile technology, and service providers' customer premises equipment, the report states.

"At their most basic level, SIM tools are data collectors that extract security-related information from other applications and then normalize the data so that it can be stored, viewed, and analyzed by a single system. They help to eliminate the 'swivel chair' approach to security problem resolution, which forces technicians to examine dozens of different consoles and applications and then correlate the information manually in order to postulate the source of the problem and potential methods of resolving it."
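The collect, normalize and correlate flow described above, as an added example that is not from the report or from any SIM product: three constructed log formats (sshd syslog, a firewall CSV export, a web application JSON event) are mapped to one hypothetical schema, and source IPs reported by at least two sources within five minutes are flagged. The formats, field names and thresholds are assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records, one per console a technician would otherwise check by hand.
RAW = [
    ("sshd", "May 22 10:15:02 host1 sshd[812]: Failed password for root from 203.0.113.7 port 4222 ssh2"),
    ("firewall", "2020-05-22T10:15:30Z,DENY,203.0.113.7,10.0.0.5,22"),
    ("webapp", '{"ts": "2020-05-22T10:16:10Z", "event": "login_failed", "client_ip": "203.0.113.7"}'),
    ("firewall", "2020-05-22T10:40:00Z,DENY,198.51.100.9,10.0.0.5,443"),
    ("sshd", "May 22 10:41:00 host1 sshd[813]: session opened for user alice"),
]
SSH_FAIL = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for \S+ from (\S+)")

def iso(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(source, line, year=2020):
    """Map a raw record to the common schema, or None; syslog omits the year, so it is passed in."""
    if source == "sshd":
        m = SSH_FAIL.match(line)
        if not m:
            return None
        t = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        return {"time": t, "source": source, "src_ip": m.group(2), "action": "auth_fail"}
    if source == "firewall":
        ts, verdict, src, _dst, _port = line.split(",")
        return {"time": iso(ts), "source": source, "src_ip": src, "action": verdict.lower()}
    if source == "webapp":
        e = json.loads(line)
        action = "auth_fail" if e["event"] == "login_failed" else e["event"]
        return {"time": iso(e["ts"]), "source": source, "src_ip": e["client_ip"], "action": action}
    return None

def correlate(events, window=timedelta(minutes=5), min_sources=2):
    """Return {src_ip: sources} for IPs reported by min_sources distinct sources in one window."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_ip[e["src_ip"]].append(e)
    hits = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            srcs = {e["source"] for e in evs[i:] if e["time"] - first["time"] <= window}
            if len(srcs) >= min_sources:
                hits[ip] = sorted(srcs)
                break
    return hits
EVENTS = [e for e in (normalize(src, raw) for src, raw in RAW) if e]
ALERTS = correlate(EVENTS)  # only 203.0.113.7 is seen by several sources
```

The single-source firewall deny for 198.51.100.9 is normalized and stored but does not raise an alert, which is the noise reduction the correlation step is meant to provide.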

Because SIM technology is still emerging, there's no template for product functionality or performance. The report details currently available SIM products and offers recommendations on how to evaluate the tools.

"Beware of vendors that tell you their systems can not only monitor and analyze security problems, but can resolve them as well," the report states. "Some of their claims may be true, but IT people who depend too heavily on technology for automated problem solving historically have been disappointed."

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
