Thinking about Security Monitoring and Event Correlation

Over the past several years, there has been explosive growth in information technology due, in most part, to the Internet. Today, corporate networks are very complex. Much of this complexity is an indirect result of the Internet's rapid growth. The increased use of the Internet particularly by business has forced corporations to expand their information technology infrastructures significantly. As a result, information security incidents have grown at an even faster rate and are now a major concern globally.

Information security incidents can be characterized as the lack of availability, integrity, and/or confidentiality of data. Software and hardware vendors have dedicated a tremendous amount of research and development resources towards insuring information availability, integrity and confidentiality. This research has led to the development of security devices such as firewalls, intrusion detection systems, strong authentication and access control mechanisms, virtual private networks and public key infrastructure. Organizations worldwide are implementing these technologies to prevent or detect an information security incident.