Because the user group rescheduled the agenda a bit, Peter Volckaert started with an introduction of IBM Tivoli Directory Integrator. I missed that presentation, but for the ones interested, following a link to the product site: http://www-01.ibm.com/software/tivoli/products/directory-integrator/.
And, finally, TCIEM development manager Michale Pintus and the product manager (grr … I can’t remember his name right now) gave the best of themselves explaining “Tivoli Security Information and Event Manager” in a nutshell. Until recently, companies were focusing on how to protect themselves against threads from the outside world. Because of a growing number of incidents (fraud, data loss…) initiated from inside the network, the demand for software addressing such issues became an urge.
TCIEM is comprised of two products:
1. TCIM or Tivoli Compliance Insight Manager: TCIM helps managing the billions of log file entries in a fast and efficient matter. Using an easy dashboard, one can easily gain an overview saying the environment is compliant with the security strategy in place. Using the same dashboard, an administrator can easily investigate a users’ activity, tracing security issues…
2. TSOM or Tivoli Security Operations Manager: Where TCIM is focusing on gathering information from log files, TSOM gathers real-time operational events coming from firewalls, ips-systems… TSOM also comes up with a dashboard showing security issues in real-time and serves as a launchpad to grave deeper into security issues.
Both the products are translating the complex log-data to an easily understood language, through the W7-methodology (Who, did What, When, Where, Where from, Where to and What). This data is made available through the dashboard, where further investigation is possible by clicking on the topic.
TCIM and TSOM are very closely tightened to each other; TSOM-data can easily be imported in TCIM where it is made available through the dashboard via the W7-methodology.
For those who know CARS (Common Auditing and Reporting System): on middle-term, this will be replaced by TCIEM.
And finally, we rounded up the second day with a presentation given by Guido Van Nuffelen about “Experiential Communications Management”. What it was all about? Well, Guido started his presentation by showing two short movie fragments: one of the legendary A-team, one of “Sex and the city”. After showing these, he raised a question asking what both the movies had in common: the number four. And, what he meant with that number: it seems that every good team is made up of four participants: an executer, a dreamer, a thinker, a decider. Any other combination will probably end-up in a mess: e.g. a team of 4 dreamers will bring up many ideas, but no one will be able to make it effectively working …
To summarize: the event was pretty informative, it gives the ability to get in touch with other products within the Tivoli-family and not less important … if the event is not planned during a vacation period … you do have the chance to get in contact with potential clients and IBM-people.