Friday, December 28, 2007

Security Event Management Gets Specialized 3

Every security product now being sold promises to help enterprises grapple with compliance issues. Most of the time this is pure vendor hype, but in the case of SEM systems there's some correlation between sales pitch and reality.

One reason is that SEM systems are basically log storage and retention devices. They demonstrate to auditors that you can monitor and report on network activity in a repeatable manner. They also demonstrate that logs are being reviewed--or at least that critical events are being brought to someone's attention.

SEM products with deep reporting capability can also be used to generate reports to meet compliance demands. "We're able to go back and show whatever an examiner or auditor wants," says Hart. "If they want to see how many changes happened from January 1st to April 30th, I can do two clicks and show that report. If they want to see a specific user, I can do that."

SEM systems that monitor changes to critical assets can also assist on the compliance front. "If you poll five CIOs about their Sarbanes-Oxley pain, you'll find it's poor change management and revision control," says Ron Gula, founder and CTO of Tenable. "They don't have vision into the configuration of their systems." By ingesting information from security and network devices throughout the network, SEM systems can provide that vision.


Source: http://www.networkcomputing.com/showArticle.jhtml?articleID=172302124
