Jan 01, 2012
Every security professional knows that syslog is the main protocol for security. And most Security Information and Event Management (SIEM) systems frame this as the singular way of collecting log data. For today's security professional, the syslog protocol dominates, and is almost always synonymous with logging.
However, SIEM is really more about security information of all types. It is also about event detection and management from multiple data sources, not just syslog files. This white paper points out some new ways to look at SNMP data in the context of identifying potential IT security threats. Specifically, we address which SNMP values are indicative of possible security threats. We also discuss why feeding both SNMP and syslog data to a correlation engine is a best practice for proactive SIEM. By leveraging the native SNMP data that already exists within your enterprise, you can obtain a wealth of new information that applies directly to your security management strategy.