An Analysis of Information Security Event Managers

The most effective security starts with real time visibility into all activity on all systems, networks, database and applications. In this paper the focus in on structured data however, some semi-structured and unstructured data is also explored. Whether the source is from network traffic, user activity, or the application user; any variation from normal of abnormal activity could indicate that a threat is imminent and that your data or infrastructure is at risk. In the last several years, there has been a disturbing trend in which attackers are innovating much faster than the defenders. There has been a commercialization of malware with attack kits available through underground forums for anyone who wants to perpetrate any variety of attacks. Large botnets are available for rent, allowing attackers to send spam or launch DDos (distributed denial-of-service) attacks. Many attackers reuse malware and command and control (C & C) and methods, adapting their products over time to keep ahead of the anti-malware industry and security professionals. This paper surveys ESMs (Enterprise Security Managers) and cyber-attack case studies.