Security Pros Wrestle With Data Overload

Rapid growth in security is creating a growth market for security information management (SIM) tools, according to a new Dark Reading report

2 Min Read

First, the good news: IT administrators have a ton of data about information security. The bad news, of course, is that IT administrators have a ton of data about information security.

The proliferation of events and alerts from a wide variety of security systems, services, and applications is causing headaches for IT administrators and stirring a growth market for security information management tools, according to a new report from Dark Reading.

The report, entitled "Security Information Management: Who's Doing What," suggests that the growth of log event data, security application alerts, and other "events" on the network is making it difficult for security administrators to find the root cause of security violations.

"At the same time, the emergence of new legal and regulatory requirements for IT, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, have also placed new challenges on today’s security administrators," the report observes. "These regulations require IT organizations not only to limit access to sensitive investment-related information and private customer data, but also to prove to auditors that these access controls are properly deployed and fully operational."

The combination of security information overload and regulatory requirements is driving a new market for SIM tools that collect and correlate data from all quarters of the security environment, including traditional IT systems, storage devices, mobile technology, and service providers' customer premises equipment, the report states.

"At their most basic level, SIM tools are data collectors that extract security-related information from other applications and then normalize the data so that it can be stored, viewed, and analyzed by a single system. They help to eliminate the 'swivel chair' approach to security problem resolution, which forces technicians to examine dozens of different consoles and applications and then correlate the information manually in order to postulate the source of the problem and potential methods of resolving it."

Because SIM technology is still emerging, there's no template for product functionality or performance. The report provides details on currently available SIM products, and provides recommendations on how to evaluate the tools.

"Beware of vendors that tell you their systems can not only monitor and analyze security problems, but can resolve them as well," the report states. "Some of their claims may be true, but IT people who depend too heavily on technology for automated problem solving historically have been disappointed."

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights