'At the end of the day, after all the analysis has been done, we are looking at roughly 15 to 20 alerts' that really matter, he said.

Apart from transforming raw event data into actionable intelligence for security and network administrators, tools such as those from Cupertino, Calif.-based ArcSight can also be useful for forensic analysis after an attack, he said.

Like other agencies, the FAA -- which is a part of the U.S. Department of Transportation -- is also subject to audits by the Government Accountability Office and is required to implement strong incident-response capabilities under the Federal Information Security Management Act.

The new event management capability will allow the FAA to create an auditable security infrastructure to demonstrate compliance with such requirements, Brown said.