Security information management (SIM) is software that automates the collection of event log data from security devices such as firewalls, proxy servers, intrusion detection systems and anti-virus software. This data is then translated into correlated and simplified formats.
SIM products are software agents that communicate with a centralized server, acting as a security console and sending the server information about security-related events. The SIM displays reports, charts and graphs of this information.
SIM also functions as a security event management (SEM) tool. This is an automated tool used on enterprise data networks to centralize the storage and interpretation of logs and events generated by other network software. The software agents can add in local filters to lessen and control the data sent to the server. Security is usually monitored by an administrator, who reviews information and responds to any alerts that are issued. The data that is sent to the server to be associated and examined is translated into a common form, usually XML.
Read More »