MIB and SNMP traps have traditionally been used to track system health, performance and availability, but these network management tools are now finding their way into information security applications. Some security software vendors now combine SNMP and syslog data to identify potential security threats, and tie this into their event management capability so that corrective action can be taken to isolate those threats.
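As an added illustration of the SNMP-plus-syslog correlation just described (example code written for this page, not CorreLog's product code): the block below parses a few constructed BSD-format syslog lines and a few constructed, already-decoded SNMP trap records, then raises an alert only when a host shows repeated failed logins in syslog within a few minutes of an SNMPv2 `authenticationFailure` trap from the same host. The trap OIDs are the standard SNMPv2-MIB generic trap OIDs; the syslog year, the failure threshold and the time window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the page). db01 shows a burst of
# failed SSH logins; web02 shows normal activity plus a single failure.
SYSLOG_LINES = [
    "<38>Dec 20 10:01:02 db01 sshd[2211]: Failed password for root from 203.0.113.5 port 51012 ssh2",
    "<38>Dec 20 10:01:07 db01 sshd[2211]: Failed password for root from 203.0.113.5 port 51013 ssh2",
    "<38>Dec 20 10:01:11 db01 sshd[2211]: Failed password for admin from 203.0.113.5 port 51014 ssh2",
    "<38>Dec 20 10:03:40 web02 sshd[9871]: Accepted publickey for deploy from 198.51.100.7 port 40122 ssh2",
    "<38>Dec 20 10:05:00 web02 sshd[9871]: Failed password for deploy from 198.51.100.7 port 40123 ssh2",
]

# Constructed SNMP trap records, shaped as a collector might store them after
# decoding the trap PDU. OIDs are the standard SNMPv2-MIB generic traps.
SNMP_TRAPS = [
    {"time": "Dec 20 10:01:30", "host": "db01", "oid": "1.3.6.1.6.3.1.1.5.5"},      # authenticationFailure
    {"time": "Dec 20 10:04:10", "host": "core-sw1", "oid": "1.3.6.1.6.3.1.1.5.3"},  # linkDown
]

TRAP_NAMES = {
    "1.3.6.1.6.3.1.1.5.3": "linkDown",
    "1.3.6.1.6.3.1.1.5.5": "authenticationFailure",
}

# BSD syslog (RFC 3164 style): <PRI>Mmm dd hh:mm:ss host tag: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)
YEAR = 2023  # assumption: BSD syslog timestamps carry no year


def parse_ts(text):
    """Turn a 'Mmm dd hh:mm:ss' stamp into a datetime using the assumed year."""
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse_syslog(line):
    """Parse one syslog line into a dict, or return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "time": parse_ts(m.group("ts")),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
        "facility": pri // 8,  # PRI encodes facility * 8 + severity
        "severity": pri % 8,
    }


def correlate(syslog_lines, traps, threshold=3, window=timedelta(minutes=5)):
    """Alert on hosts with >= threshold failed logins in syslog within `window`
    of an SNMP authenticationFailure trap from the same host.
    Either source alone is noisy; the combination is the signal."""
    failures = defaultdict(list)
    for line in syslog_lines:
        ev = parse_syslog(line)
        if ev and "Failed password" in ev["msg"]:
            failures[ev["host"]].append(ev["time"])

    alerts = []
    for trap in traps:
        if TRAP_NAMES.get(trap["oid"]) != "authenticationFailure":
            continue
        trap_time = parse_ts(trap["time"])
        nearby = [t for t in failures.get(trap["host"], []) if abs(t - trap_time) <= window]
        if len(nearby) >= threshold:
            alerts.append({"host": trap["host"], "failed_logins": len(nearby), "trap_time": trap_time})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SYSLOG_LINES, SNMP_TRAPS):
        print(f"ALERT {alert['host']}: {alert['failed_logins']} failed logins near "
              f"authenticationFailure trap at {alert['trap_time']:%H:%M:%S}")
```

Run as-is it reports only `db01`; `web02` has a single failure and no trap, and `core-sw1` has a trap but no matching syslog evidence, so neither is alerted. In a real deployment the "corrective action" step the text mentions would hang off the returned alert list, and the threshold and window would be tuned per environment.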
Recently, one of our customers reported that they are running upwards of 200 million messages per day through the CorreLog Enterprise Server – and this is just from the IBM z/OS mainframe! The closer we get to December 25, the more that number will balloon upwards. Collecting all of this data is certainly a necessity for compliance standards, forensic analysis and managing end-user performance and availability. But how can they possibly make sense of all the data flowing through every minute?