Capabilities and Trends in Security Information Management Systems
Carson Zimmerman - MITRE
Mar 03, 2004
Abstract
Computer Security Incident Handlers are tasked with the difficult job of sifting through large amounts of data from hundreds of network devices, IDS sensors, and computer systems every day. Security Information Management (SIM) products are relatively new to the marketplace, but already promise a wealth of features that will aid the Computer Security Incident Response Center (CSIRC) team in their quest to find evidence of intrusions buried in the data. This presentation will touch on the challenges that spurred the development of SIM products, and survey the current best-of-breed SIM offerings as well as the players in the SIM market. SIM features such as data aggregation, correlation, and threat assessment will be discussed and related to the CSIRC mission. The presentation will conclude with SIM market predictions, forthcoming SIM functionality, and a discussion of potential research topics related to SIM.
About the Speaker
Carson Zimmerman is an InfoSec Engineer working at The MITRE Corporation in support of major US government CSIRCs. His work focuses on helping government agencies protect against and detect network intrusion and misuse. He has recently led studies on SIM systems for several MITRE sponsors, supports a large enterprise SIM installation, and is recognized as an authority on SIM within MITRE.
Carson received his B.S. degree in Computer Engineering from Purdue in June of 2002.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.