J Wolfgang Goerlich's thoughts on Information Security
Best Practices award for Business Continuity

By wolfgang. 25 June 2008 10:50

My data center has been recognized by IDG'S Computerworld for our use of server and storage virtualization. Computerworld awarded my team the "Best Practices in Infrastructure Management" award in the Data Center Management, IT Operations and Business Continuity category.

Tags:

Business Continuity

Rolling your own SIM

By wolfgang. 10 June 2008 07:32

I have been looking at pay-to-play security information management tools. I reviewed Q1 Labs QRadar, Cisco MARS, and Novell's offering. The costs are a tad high, particularly when I can do a lot of the basic collection with WMI scripts and C# code.

OSSIM (Open Source Security Information Management) is another option that I am looking into. Or maybe I will roll my own. Here are the key tools:

Hosts:

Log monitoring: Kiwi syslog, Snare
Signature-based analysis: Nagios, OSSEC
Vulnerability assessments: Nessus

Networks:

Local monitoring: Arpwatch
Signature-based analysis: Snort
Statistical-based analysis: Spade

Correlation:

Splunk
SQL Server 2005 SSRS and SSAS

Code or configure? Where is the best return for my time? I wager rolling my own will be a good learning experience. The money saved can then be invested in training materials and resources. Further, any analysis and cleanup will not go to waste if I change course. An off-the-shelf SIM tool will plug into a cleaned-up network just as easily as it would into an unmonitored network, if not easier. I am going to keep tinkering for the time being.

That sums up my thinking at the moment.
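As an added illustration of the correlation layer in a home-grown SIM (example code, not from the original post), here is a small Python pass over constructed Snare and sshd syslog lines: it normalizes both shapes to one event record and flags a source address whose logon failures hit several hosts inside a short window, the kind of rule Splunk or SSAS would otherwise carry. The Snare field layout, the Windows event IDs and the sample hosts and addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input (not real log data): a Snare-forwarded Windows
# Security logon failure (tab-separated fields inside a syslog message)
# and plain Linux sshd lines, as a Kiwi syslog collector would receive them.
SAMPLE_LINES = [
    "Jun 10 07:30:01 WEB01 MSWinEventLog\t1\tSecurity\t529\tFailure Audit\tWEB01\tLogon Failure\tSource Network Address: 10.0.5.23",
    "Jun 10 07:30:44 WEB02 MSWinEventLog\t1\tSecurity\t529\tFailure Audit\tWEB02\tLogon Failure\tSource Network Address: 10.0.5.23",
    "Jun 10 07:31:09 DB01 sshd[2212]: Failed password for root from 10.0.5.23 port 51022 ssh2",
    "Jun 10 07:31:30 WEB01 sshd[811]: Failed password for admin from 10.0.7.9 port 40110 ssh2",
    "Jun 10 07:45:00 DB01 sshd[2290]: Failed password for root from 10.0.7.9 port 40200 ssh2",
]

SYSLOG_HEADER = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
# Assumed Snare layout; 529 (Windows 2003) and 4625 (Vista and later) are logon-failure IDs.
SNARE_FAILURE = re.compile(r"MSWinEventLog\t\d+\tSecurity\t(529|4625)\t.*Source Network Address: (\d+\.\d+\.\d+\.\d+)")
SSHD_FAILURE = re.compile(r"sshd\[\d+\]: Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")

def normalize(line, year=2008):
    """Map one raw line to a common event dict, or None if it is not a logon failure."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    host, body = m.group(2), m.group(3)
    for source, pattern in (("snare", SNARE_FAILURE), ("sshd", SSHD_FAILURE)):
        hit = pattern.search(body)
        if hit:
            return {"time": ts, "host": host, "src_ip": hit.group(hit.lastindex), "source": source}
    return None

def correlate(lines, window_minutes=5, min_hosts=2):
    """Return {src_ip: [hosts]} for sources whose failures reach min_hosts distinct hosts within the window."""
    events = sorted((e for e in map(normalize, lines) if e), key=lambda e: e["time"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):  # slide the window from each failure in turn
            hosts = {e["host"] for e in evs[i:]
                     if (e["time"] - first["time"]).total_seconds() <= window_minutes * 60}
            if len(hosts) >= min_hosts:
                alerts[ip] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_LINES))
```

The same normalized records could be loaded into SQL Server and the window check expressed as a self-join there, which is where SSRS and SSAS would take over.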


Tags:

Security Information Management
