ABSTRACT
With today's complex networks, multiple data centers, global hubs, disaster recovery sites, and many flavors of platforms, the information security well-being of organizations depends on how well the millions of events generated by these systems are collected and analyzed. Centralization of data allows otherwise disparate and seemingly unrelated information to be gathered, analyzed, and presented as a single source. This is crucial in building a successful security operations center (SOC). An organization with a well-designed and deployed security information management (SIM) system funnels events from everywhere in the network into a central console that is monitored by level I or level II support personnel. The advantage is that information sharing becomes much more robust and the speed at which incidents are responded to improves. Combined with the built-in intrusion prevention system (IPS) capability of many SIMs, this allows near-instantaneous shunning of attacks. Of course, a great deal more thought should be given before activating the IPS capabilities of a SIM, since they can block legitimate production traffic as well.
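The following is an added illustration, not code from the paper or from any particular SIM product: a toy central pipeline that normalizes events from three differently formatted sources into one schema, correlates them per source address, and gates any automatic shun decision behind two safeguards the abstract's closing caveat calls for (a protected production range and an explicit opt-in for auto-blocking). All log lines, event records, IP addresses, the `PROTECTED_NETS` range and the correlation thresholds are constructed sample values.

```python
"""Added example (not from the paper): central event normalization, cross-source
correlation, and a guarded IPS-style shun decision. All inputs are constructed."""
from collections import defaultdict
import ipaddress
import re

# Constructed sample events from three platforms, each in its own native format,
# standing in for the "many flavors of platforms" a SIM has to consume.
FIREWALL_LOG = [
    "2024-01-01T10:00:01 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2024-01-01T10:00:02 fw1 DENY src=203.0.113.7 dst=192.0.2.11 dport=22",
]
WINDOWS_EVENTS = [  # 4625 = failed logon, 4624 = successful logon
    {"EventID": 4625, "IpAddress": "203.0.113.7", "TargetUserName": "admin"},
    {"EventID": 4625, "IpAddress": "203.0.113.7", "TargetUserName": "svc"},
    {"EventID": 4625, "IpAddress": "198.51.100.4", "TargetUserName": "alice"},
    {"EventID": 4625, "IpAddress": "198.51.100.4", "TargetUserName": "alice"},
]
IDS_ALERTS = [
    "[**] SSH brute force [**] 203.0.113.7 -> 192.0.2.10",
    "[**] SSH brute force [**] 198.51.100.4 -> 192.0.2.12",
]

_FW_RE = re.compile(r"(?P<action>DENY|ALLOW) src=(?P<src>\S+) dst=(?P<dst>\S+)")
_IDS_RE = re.compile(r"\[\*\*\] (?P<sig>.+?) \[\*\*\] (?P<src>\S+) -> (?P<dst>\S+)")


def normalize():
    """Collapse the three formats into one schema: {source, src, category}."""
    events = []
    for line in FIREWALL_LOG:
        m = _FW_RE.search(line)
        if m and m["action"] == "DENY":
            events.append({"source": "firewall", "src": m["src"], "category": "deny"})
    for ev in WINDOWS_EVENTS:
        if ev["EventID"] == 4625:
            events.append({"source": "windows", "src": ev["IpAddress"],
                           "category": "auth_failure"})
    for line in IDS_ALERTS:
        m = _IDS_RE.search(line)
        if m:
            events.append({"source": "ids", "src": m["src"], "category": "ids_alert"})
    return events


def correlate(events, min_sources=2, min_events=3):
    """Flag a source IP only when several independent platforms report it,
    which is the kind of view a single sensor cannot produce on its own."""
    by_src = defaultdict(lambda: {"sources": set(), "count": 0})
    for ev in events:
        by_src[ev["src"]]["sources"].add(ev["source"])
        by_src[ev["src"]]["count"] += 1
    return {ip: d for ip, d in by_src.items()
            if len(d["sources"]) >= min_sources and d["count"] >= min_events}


# Constructed: address space carrying production traffic that must never be
# shunned automatically, whatever the correlation engine says.
PROTECTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def decide_shun(flagged, auto_block=False):
    """Map each flagged IP to "block" or "review". A block is issued only when
    auto-blocking is explicitly enabled AND the IP is outside every protected
    range; everything else is queued for a level I/II analyst."""
    decisions = {}
    for ip in flagged:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in PROTECTED_NETS):
            decisions[ip] = "review"
        elif auto_block:
            decisions[ip] = "block"
        else:
            decisions[ip] = "review"
    return decisions


if __name__ == "__main__":
    flagged = correlate(normalize())
    for ip, action in decide_shun(flagged, auto_block=True).items():
        print(ip, sorted(flagged[ip]["sources"]), flagged[ip]["count"], action)
```

Leaving `auto_block` off by default means the pipeline behaves as a pure alerting console until someone deliberately turns shunning on, and the protected-range check keeps a noisy but legitimate production host from being cut off even then.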