The IT security field has changed drastically in recent years. The intensive use of the Internet infrastructure presents a security risk for essential business applications and services and not only in the operations area. In recent times, companies have been confronted by completely new scenarios triggered by the increasing integration of business processes and the linking of external partners and customers into previously closed IT systems. At the same time, the legal and regulatory framework has been tightened considerably, particular in the USA (for example with the Sarbanes-Oxley Act or Gramm-Leach-Bliley Act), as well as in Europe (for example, Basel II, European Privacy Act).

In order to be able to even uncover attacks on the IT infrastructure and properly respond to them, a security management und monitoring system must be implemented that is exactly matched to the security needs of the enterprise. In addition, documented compliance with the legal and regulatory framework, an important indicator for IT security risk management, is made possible through compliance reporting.

However, the problem is that thousands of events are generated daily and an enormous amount of data must be analysed individually within IT security. It is almost impossible to separate the good from the bad. Since all of the events, data, and information produced by the security components are important, however, they have to be evaluated and brought into relationship with other data and information so that their real importance is apparent. This is very time-consuming, costly process subject to a great deal of error.

The implementation of a security monitoring and reporting solution here enables automated, all-embaracing, and manufacturer-independent management of security-relevant activities, events and alarms along with compliance reporting.