Capabilities and Trends in Security Information Management Systems

Carson Zimmerman - MITRE

Mar 03, 2004

Abstract

Computer Security Incident Handlers are tasked with the difficult job of sifting through large amounts of data from hundreds of network devices, IDS sensors, and computer systems every day. Security Information Management (SIM) products are relatively new to the marketplace, but already promise a wealth of features that will aid the Computer Security Incident Response Center (CSIRC) team in their quest to find evidence of intrusions buried in the data. This presentation will touch on the challenges that spurred the development of SIM products, and survey the current best-of-breed SIM offerings as well as the players in the SIM market. SIM features such as data aggregation, correlation, and threat assessment will be discussed and related to the CSIRC mission. The presentation will conclude with SIM market predictions, forthcoming SIM functionality, and a discussion of potential research topics related to SIM.

About the Speaker

Carson Zimmerman is an InfoSec Engineer working at The MITRE Corporation in support of major US government CSIRCs. His work focuses on helping government agencies protect against and detect network intrusion and misuse. He has recently led studies on SIM systems for several MITRE sponsors, supports a large enterprise SIM installation, and is recognized as an authority on SIM within MITRE.
Carson received his B.S. degree in Computer Engineering from Purdue in June of 2002.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

© 1999-2013 Purdue University. All rights reserved.

Use/Reuse Guidelines

CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.