New versions of enterprise security-information management products from Computer Associates and SenSage look to combine event data and logs from several sources to provide users a bird's-eye view of security.
SIM software works by aggregating security-event information from intrusion-detection systems, anti-virus software, routers and servers. CA and SenSage say their updated SIM software improves on how events are reported and tracked. CA this month will release Version 8.0 of eTrust Security Command Center, and next month SenSage will unveil SenSage 3.0.
"We now have workflow for trouble ticketing," says Sam Curry, vice president of eTrust security management at CA. "Before, you could only create a trouble ticket through third-party products, including Remedy, Peregrine or HP."
CA also is beefing up the eTrust Security Command Center's capability to correlate multiple events to detect the root cause of security problems rather than just centralize access to the information. Users will be able to write customized correlation rules through templates that ship with Version 8.0, which also adds a way to analyze events after they have occurred.
Many of these features were developed with reseller AtosOrigin, which used eTrust Security Command Center to monitor the sprawling 60-location internal network deployed at the 2004 Summer Olympics in Greece.
Patrick Abida, vice president of Olympics and major events at AtosOrigin in Paris, says eTrust Security Command Center helped prioritize 3 million "security events" and filtered them down to 20 "potentially critical" problems that largely involved attempts to gain unauthorized access to the Olympics network.
SenSage, which until last week was called Addamark Technologies, next month will unveil an upgraded SIM product, Linux-based software that aggregates event information from network logs, operating systems, firewalls, and single sign-on applications.
SenSage 3.0 adds real-time event correlation and reporting, says CEO Jim Pflaging, adding, "This is for the purpose of pinpointing internal activity."
While SIM is a type of monitoring and security analysis software that can be expensive to own, there is a growing array of less-complex monitoring services that can be used by corporations on an outsourced basis to help plug security holes.