Deep Packet Inspection and Information Management Systems

The Latest in the SIM/SIEM Evolution

By Shawn Sweeney, Procera Networks

Not so long ago, some clever folks realized that there was a significant market opportunity in
the collection, correlation and analysis of network events—especially as it related to security
appliances and the rich and valuable information they provided. And thus a group of
companies sprang up around a category of products that addressed the pain point of making
sense of the vast ocean of information being cranked out by these various network
elements.

Broadly, these systems did their magic under the monikers of Security Information
Management (SIM) and Security Information and Event Management (SIEM), terms that
were used somewhat interchangeably.

In the early days much of the market and development focus surrounded the normalization
of events, as there were as many formats as there were types of network devices and security
appliances from which to collect them. Each network entity, it seemed, having been crafted by a
different group of engineers, had its own way to encode and present events. Sifting through this
diverse pile of data took a great deal of time, effort and know-how, not all of it intuitive or
obvious.

Additional advances in visualization, presentation and correlation took place as well and
provided Network Managers with a rich panoply of options. Over time, most devices and
supporting software moved to standards-based formats and protocols, making the collection
and correlation issues less problematic.

With an increasing dependence on and ubiquity of wireless, along with the recent flood of
Bring Your Own Device (BYOD) and Software as a Service (SaaS) initiatives changing the
dynamic in corporate enterprise networks, the ability to have true application visibility has
come to the fore. SIM/SIEM solutions have always depended on the collection of data in
order to maintain relevance.

With sophisticated solutions running the gamut from security management to compliance
and fraud protection, traditional data sources, such as logs and probes, may not suffice. In
these cases, no longer is basic information about events, traffic flows and device
connections sufficient to support the portfolio of advanced solutions the vendors are bringing
to market.

Fortunately for these same vendors, there is a new sheriff in town. In the past, detailed
information about network traffic was the sole province of the few. Companies with a
focus on Deep Packet Inspection (DPI) would position their wares for this purpose and
cause confusion among customers or divert budget dollars from more well understood
security and compliance applications.

With the advent of comprehensive and competent offers from DPI experts for the embedded
marketplace, SIM/SIEM vendors now have a path to providing this important functionality—

11 Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
