Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) today are focused on prioritizing security initiatives to support their business goals, and on managing technical risk and governance. Their organizations are challenged to both minimize security-based business disruptions and ensure and demonstrate compliance with privacy regulatory requirements, with a limited set of resources. Security information and event management (SIEM) technology can provide a solution to these challenges, and provide greater leverage of people and greater visibility of their existing security infrastructure.
IBM offers two complementary SIEM capabilities for security information and events:
- A real-time, network event-oriented management dashboard that facilitates attack recognition and incident management
- An information analysis dashboard to assess how well an organization adheres to its security and governance policies
IBM Tivoli Security Information and Event Manager V1.0 (TSIEM) is comprised of two products: IBM Tivoli Security Operations Manager V4.1 (TSOM) and IBM Tivoli Compliance Insight Manager V8.5 (TCIM). These products, working together, help you realize the full promise of enterprise SIEM. By centralizing log collection and event correlation across your enterprise, you can leverage an advanced compliance dashboard to link security events and user behavior to your corporate policies.
Tivoli Security Information and Event Manager delivers a comprehensive foundation to help address your SIEM requirements. As a result, IT organizations can reduce their exposure to security breaches; collect, analyze, and report on compliance events; and manage the complexity of heterogeneous technologies and infrastructures. TSIEM provides support for numerous applications, operating systems, security products, and network infrastructures, as well as desktop and mainframe systems.
Using TCIM and TSOM together provides the benefits of both products, through their complementary user-centric and network-centric perspectives. Integration between TSOM and TCIM can provide additional unique capabilities:
- Identify important audit and administrative events from the network/security infrastructure for privileged user monitoring and compliance reporting. This leverages the broad network and security product support of TSOM and its correlation capabilities to provide value-added auditable events for use in the TCIM privileged user monitoring and audit and compliance reports.
- Identify network-centric policy violations with TSOM, and forward these high-level correlated events to TCIM for a consolidated compliance dashboard, reporting, and views.
The integration described in this document provides the foundation to accomplish these two general use cases. It describes the specifics of configuring TSOM to send events to TCIM.