In-Depth
Three things to make you go hmmm…
- By John K. Waters
- June 1, 2005
META Group analyst Paul Proctor recommends that as you begin to evaluate security
information management solutions, keep in mind:
- It’s unrealistic to expect any SIM tool to collect and make sense
of all the data generated by every security resource in your organization.
Typical first production installations cover between 25 and 50 devices. During
the first year, that number should not exceed 100. The idea is to
keep to a data load that the SIM tools can handle.
- The rate of events per second, or EPS, can skyrocket during an attempted
or successful security breach. You will need extra bandwidth to squeeze
out security communications even during a denial of service attack.
- Make sure you understand your security information storage requirements.
Proctor offers a basic formula here: In an organization with 200 security
devices generating an average of 250 EPS each, you’ll need to store
and maintain about 1.5 terabytes of data per year.
Back to feature: Traveling
at a Zillion Events Per Second
About the Author
John K. Waters is a freelance writer based in Silicon Valley. He can be reached
at [email protected].