Three things to make you go hmmm…

META Group analyst Paul Proctor recommends keeping three things in mind as you begin to evaluate security information management (SIM) solutions:

  1. It’s unrealistic to expect any SIM tool to collect and make sense of all the data generated by every security resource in your organization. Typical first production installations cover between 25 and 50 devices. During the first year, that number should not exceed 100. The idea is to keep to a data load that the SIM tools can handle.
  2. The rate of events per second, or EPS, can skyrocket during an attempted or successful security breach. You will need extra bandwidth so that security communications can still get through, even during a denial-of-service attack.
  3. Make sure you understand your security information storage requirements. Proctor offers a basic formula here: In an organization with 200 security devices generating an average of 250 EPS each, you’ll need to store and maintain about 1.5 terabytes of data per year.

About the Author

John K. Waters is a freelance writer based in Silicon Valley.