
Early Alerts — making sense of security information overload: Kevin Hawkins, Senior Principal Consultant, Symantec Corp


Book ID: 104391848
Publisher: Elsevier Science
Year: 2003
Language: English
File size: 72 KB
Volume: 2003
Category: Article
ISSN: 1353-4858


✦ Synopsis


Speaking from personal experience, the typical security manager is now bombarded with information from a variety of sources, both internal and external, every minute of every hour. There are firewall logs, Intrusion Detection System (IDS) logs, vulnerability reports and patching levels, not to mention breaches of policy by staff to be dealt with. Making sense of all this information, and acting on it effectively, is a monumental task.

Research shows that a typical medium-sized organization will, on average, receive 9.5 million log entries and alerts per month, generated by firewalls and IDS devices across the enterprise. After correlating the data from the various sources, an average of 620 security events will require further investigation. After weeding out the false positives (a major task in itself), some 55 of these will be determined to constitute some sort of security threat.

Keywords: wireless security