Gartner分析报告：SIEM技术评估

Gartner收购Burton Group后，Burton的IT1 Reasearch成为了Gartner的一个子品牌。Burton的研究报告一般都比较深入细致，更偏技术。就在2010年9月24日，Ramon Krikken发表一份研究报告《SIEM Technology Assessment》。
摘要如下：The ongoing evolution of threats and regulations requires the enterprise to put in place systems to perform security monitoring and auditing of a variety of IT components. Security information and event management (SIEM) is an important technology component of an enterprise security auditing and monitoring strategy. In this assessment, Analyst Ramon Krikken examines SIEM technology (including the data it collects, as well as its architecture, analysis capabilities, and user interface) and its place in the greater security monitoring, auditing, and management infrastructure. He also provides recommendations for implementing SIEM in enterprise environments.
以下是该报告的目录：
 

• Summary of Findings
• Analysis
  • SIM, SEM, or SIEM: Threat, IT, and Compliance Management Evolution
    • Threat Analysis and Incident Management
    • Compliance Measures and Compliance Measurement
    • Beyond Infrastructure: User and Application Monitoring
    • Beyond Security: Operational Monitoring
  • Information Overload: And Still Not Enough Data?
    • Data of All Shapes and Sizes: Event, State, and Context
    • Data Everywhere: Collecting and Managing Security Information
  • Security Monitoring Architecture and SIEM
    • Scalability and Availability Through Componentization
    • Security Monitoring System Hierarchies
    • Security Monitoring in Cloud Environments
    • The Effect of Standards (or Lack Thereof)
  • Deriving Actionable Information Through Analytics
    • Real-Time and Post Hoc Data Analysis
    • Rule-Based Event Analytics
    • Anomaly Detection Event Analytics
    • Information Interfaces, Exploration, and Visualization
  • Organizational Factors in Implementation
  • Strengths
  • Weaknesses
• Recommendations
• Notes
• Further Information