Firms drowning in security alert overload

Security monitoring software continuously spews out floods of system logs

Companies are drowning in information overload from enterprise data and network management technologies, including monitoring software, diagnostic tools and security alert systems that continuously spew out floods of system logs.

The latest report from Dark Reading Security Insider claimed that, to solve this problem, organisations are increasingly deploying security information management (Sim) systems that correlate information from several sources and draw conclusions about the likely cause of security issues. 

The report noted that Sim tools are mature enough for broad-scale deployment, and that some 30 per cent of enterprises are already using the technology.

Dark Reading found that compliance is the key driver for Sim deployment in many organisations, even outweighing the security needs.

Performance is difficult to rate, the research warned, as vendors do not agree on the correct method for counting events per second. It also pointed out that Sim vendors have been slow to develop links to other management systems.

"A good Sim system must not only collect and correlate security data, but be able to report that data in a format that meets the needs of different users within the organisation," said Tim Wilson, author of the report.

"For instance, most Sim vendors have revamped the reporting capabilities of their systems to meet the special requirements of compliance projects, and some have altered their security reporting capabilities as well."