Event Correlation in Security

by Anton Chuvakin

Related link: http://www.tisc2003.com/newsletters/57.html

In the deep and somewhat muddy sea of security marketing terms, correlation appears to be the current pack leader, closely chased by intrusion prevention. In this paper I am trying to cast a somewhat objective look at event correlation in information security and how it helps to improve the organization's security posture. The paper also covers correlation methods, their relative advantages and disadvantages, and some of the currently unresolved correlation challenges.