Can it accept data from other security-management products, databases or third-party systems?
SIM products will be critical components of larger enterprise risk-management strategies, and IT managers today need to know that the data collected by unified threat management, antispyware and vulnerability-management products, to name a few, can be incorporated into the SIM product's intelligent event-correlation and event-analysis engines. Customers should compel vendors to specify what kind of data, and how much of it, the security tools can collect and correlate across the enterprise. IT managers should ask which third-party products the vendor supports and whether software development kits are available for customers to build their own integrations, if need be. For example, “the ability to integrate vulnerability data from a vulnerability-scanning engine to help it set the severity of events based on the device’s vulnerability to the threat” is a must-have feature, Gabriel says.
4. Can the product generate alerts in real time based on complex events?
It’s a given that SIM products work to collect a