Archive for November, 2007
Event Correlation in Integrated Management: Lessons Learned and Outlook
by Martin-Flatin, Jean Philippe; Jakobson, Gabriel; Lewis, Lundy
When event correlation was first used in integrated management, in the early 1980s, several techniques devised by the artificial intelligence and database communities were applied to network element management for analyzing alarms sent by expensive, self-monitoring telephone switches. Today, it is used for detecting faults in wireless networks, for monitoring the performance of commodity, often non-self-aware devices in enterprise networks, for detecting intrusions in firewalls, for ascribing breaches in service level agreements to specific problems in the underlying IT infrastructure, etc. In other words, the problem to be solved has changed completely. Can today’s event correlators still meet customers’ expectations? If not, how should they evolve to meet them? In this paper, we try to capture the main lessons learned by the integrated management community in event correlation in the past 25 years, and to identify important challenges that we are faced with. By doing this, we hope to streamline and encourage research in this field, which needs better models, algorithms and systems to deal with ever more complex and integrated networks, systems and services.
DOI: 10.1007/s10922-007-9078-5
Online Date: 11/8/2007
Print publication date: 12/1/2007
Secur(e/ity) Management: A Continuing Uphill Climb
by Hale, John; Brusil, Paul
With ever growing and evolving threats and cyber attacks, the management of enterprise security and the security of enterprise management systems are key to business—if not a nation’s—operations and survival. Secur(e/ity) management, the moniker for the intertwined topics of secure management and security management, has evolved trying to keep pace. The history of secur(e/ity) management is traced from its origins in the disjoint silos of telecommunications, internetworking and computer security to today’s recognition as necessary, interdisciplinary, interworking technologies and operations. An overview of threats and attacks upon managed and management systems shows that occurrences of ever more sophisticated, complex and harder to detect cyber misconduct are increasing as are the severity and costs of their consequences. Introduction of new technologies, expansion of the perimeters of an enterprise and trends in collaborative business partnerships compound the number of managed system targets of cyber compromise. Technical and marketplace trends in secur(e/ity) management reveal needs that must be bridged. Research attention should focus on developing axiomatic understanding of the natural laws of security, tools to realize vulnerability-free software, metrics for assessing the efficacy of secur(e/ity) management, tools for default-deny strategies so that signature-based security management can be retired, secur(e/ity) management approaches for virtualized and service-oriented environments, and approaches for composite, holistic, secur(e/ity) management.
DOI: 10.1007/s10922-007-9079-4
Online Date: 11/7/2007
Print publication date: 12/1/2007
Fifteenth-year Commemorative Issue
by Malek, Manu
DOI: 10.1007/s10922-007-9086-5
Online Date: 11/3/2007
Print publication date: 12/1/2007
Policy-based Management: A Historical Perspective
by Boutaba, Raouf; Aib, Issam
This paper traces the history of policy-based management and how it evolved from the first security models dating back to the late 1960’s until today’s more elaborate frameworks, languages, and policy-based management tools. The focus will be on providing a synthesized chronicle of the evolution of ideas and research trends rather than on surveying the various specification formalisms, frameworks, and application domains of policy-based management.
DOI: 10.1007/s10922-007-9083-8
Online Date: 11/3/2007
Print publication date: 12/1/2007
