Security information management tools must address the needs of businesses in the areas of security and compliance.
Several analysts with an eye on the security information management
market are forecasting increased consolidation between vendors as SIM
providers look to address their customers' needs.
"I reckon the stand-alone SIM market will get sucked up by the
larger systems management players - either that or SIM vendors will start
to develop and acquire more systems management features," said Paul
Stamp, an analyst at Forrester Research in Cambridge, Mass.
Last year saw a number of acquisitions in the SIM and security
event management space, including EMC's purchase of Network Intelligence
and Novell's acquisition of eSecurity.
"Consolidation is definitely happening inside the industry,"
said Paul Proctor, an analyst at Stamford, Conn.-based research company
Stamp said SIM tools must feed into the wider systems management and remediation process.
"We're also going to see a greater range of platforms covered,
looking at databases and applications - which require a different
methodology from looking at networks or [operating systems]," Stamp
said. "At the application layer, you're looking for things which are
much more specific to the business you're monitoring than, say, network
Proctor said companies need to understand the value of the
information contained inside the logs and how to leverage that with
"I think that companies are challenged to get the right
information out of these products that will actually deliver value in
situations like the TJX situation," he said.
Proctor cautioned businesses not to buy into the idea that a
product will solve data integration issues, and companies should decide
what they are trying to look for in the logs before buying a product.
Vijay Basani, CEO of Acton, Mass.-based eIQnetworks, said more
comprehensive tools are key to minimizing the damage done by data
breaches such as the recent problems at TJX. The footprints of that
incident were hidden throughout the company's network, he said, and
could have been discovered sooner.
"They could have taken the corrective action ... and the same
could be argued with any breach you are seeing out there," Basani said.
In addition, companies are still waiting for providers to give
them scalability, said Jon Oltsik, a senior analyst with the Enterprise
Strategy Group in Milford, Mass. Individual SIM solutions often don't
meet all the varied needs corporations are looking for, such as
fulfilling both security event needs and helping to meet regulatory and
industry compliance standards, he added, echoing comments from other
"Companies need a unified solution that will bridge the gap
between the operations team and the security team, who primarily
interface for turning high-level business policy into actionable rules,
helping assess the potential impact of new threats as they arise, and
coordinating incident response," Stamp said. "At the moment, products
are aimed at one or the other - either helping identify and remediate
threats, or report on compliance with policy, but not both in an