Lead Image © Yoichi Shimizu, 123RF.com
Open Source Security Information and Event Management system
Security Management
A mind-numbing array of applications, operating systems, routers, firewalls, VPNs, and cloud resources confront IT security professionals, with no shortage of logs and security events that need to be correlated and interpreted. The "old-school" way of one-off solutions for various security challenges just won't work anymore. What is needed is a comprehensive solution that integrates disparate data and processes and provides knowledge and insight into security threats and a capacity to manage risks more effectively.
The Open Source Security Information and Event Management (OSSIM) system [1] is a Security Information and Event Management (SIEM) application. SIEMs are multipurpose tools for the security operations professional. They offer asset discovery, behavioral monitoring, data aggregation and correlation, security/threat intelligence, threat detection, and vulnerability assessment, among other features. SIEMs are a necessary evolution in the technology used to manage modern threats, and OSSIM is a key leader in the space.
OSSIM offers an expansive array of features that would leave any IT security professional duly impressed, including:
- Security information management
- Security event management
- Asset management and discovery
- Log management
- Network management
- IDS (intrusion detection)
- HID (host intrusion detection)
- Vulnerability assessment
- Threat detection
- Behavioral monitoring
- Netflow support
- Incident response
- Reporting
- Powerful and user-friendly web interface
- Simple-to-install, prepackaged virtual machines
OSSIM has many core components born of the open source community. It takes all of these disparate, often time-consuming-to-integrate tools and puts them under one beautifully usable web interface.
It takes the
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- AlienVault Virtual Appliance
-
New Products
-
Managing Port Scan Results with Dr. Portscan
Regularly scanning the ports on your own network prevents intruders from sneaking in, but if you have dozens or hundreds of servers, you’ll need professional help: Dr. Portscan to the rescue.
-
Implementing custom security frameworks with Bro
The Bro security framework takes a new approach to security monitoring, with the emphasis on trends and long-term analysis. -
Intrusion Detection with OSSEC
The OSSEC free intrusion detection and host-based intrusion prevention system detects and fixes security problems in real time at the operating system level with functions such as log analysis, file integrity checks, Windows registry monitoring, and rootkit detection. It can be deployed virtually anywhere and supports the Linux, Windows, and macOS platforms.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
