Getting information to the SIM varies in complexity depending on whether the SIM collects log files, gathers data from its own network of probes, or both. The initial effort also depends on how actively the SIM gathers its baseline information: does it initiate scans of devices on the network, or does it passively sniff the traffic stream for events, assets, and suspicious traffic patterns? Active scanning reveals hosts and services that never log anything, but it generates traffic on the network; passive sniffing is unobtrusive but sees only what passes a tap or span port.
Similarly, the effort involved in configuring security monitoring and analysis varies greatly with the degree of automation built into the SIM's installation routine. Some SIMs put themselves into a minimally useful configuration by default; others require you to step through an extensive setup routine. The payoff for the greater time investment is that the system gathers information tailored to your needs from the start.
SIM vendors and solutions
This list is not intended to be exhaustive, and owing to merger and acquisition activity in the industry, it may go out of date without notice.
ArcSight: ArcSight ESM; ArcSight Interactive Discovery; ArcSight Pattern Discovery
Cisco: CiscoWorks Security Information Management Solution (SIMS)
Computer Associates: CA Security Command Center
eIQnetworks: SecureVue
Enterasys: Dragon Security Command Console
High Tower: SEM 3200
netForensics: nFX SIM One
NitroSecurity: NitroView ESM
Novell: ZENworks Endpoint Security Manager
RSA: enVision Platform
Symantec: Symantec Security Information Manager
TriGeo: TriGeo Security Information Manager