Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Market Analysis: Security Information Management

The pressure is on for enterprise security staffs. From information-assurance initiatives to security operations to regulatory compliance, managing and verifying security controls has become incredibly complex. One critical component of the job is gathering, storing and processing data that provides situational awareness--visibility into security postures. Problem is, this information comes from myriad sources, including network devices, systems, applications and vulnerability scanners, and most logging efforts are pathetic at best. Only 38 percent of respondents to our reader poll for this article said they have a central store of system and network device logs, and 37 percent admitted they view their logs only after something happens. We spend millions trying to get on top of security data, yet auditors continue to breathe down our necks.



Early on, many security pros turned to SIM (security information management) suites, but often couldn't move beyond simply gathering IDS events and firewall logs. When we first examined the SIM market in 2002 (see "Connect the Dots"), we tested six relatively immature products; most required heavy lifting plus a hefty dose of professional services. The situation had improved somewhat when we next reviewed SIMs in late 2003 (see "Too Much Information" ). Today, several dozen vendors lay claim to different pieces of the SIM puzzle, and the only commonality is that they consistently disagree--on terms, on positioning, on value propositions. Saying the market is in disarray is an understatement. We've covered SIMs for years, and our heads are spinning. Pity the typical customer.

In this two-part package, we'll try to make sense of it all. First we'll examine critical shifts that have occurred in recent years and recommend strategies to make your log management and SIM initiatives effective. In "SIM in the City", we investigate offerings from eight vendors and tell you how they performed during a comprehensive evaluation.

  • 1