According to CEO Jim Pflaging, the company made the decision both to reflect what the company does and to highlight the added capabilities of the companys SIM. Pflaging said SenSage 3.0 will exhibit significant improvements and expansions over the earlier product.
"Were giving our customers a one-vendor solution for SIM," Pflaging said. Previously, the companys product worked in concert with SIMs from other companies, providing a means of storing and analyzing security information over long periods of time so that events could be searched as needed.
Now, that capability is being augmented with a correlation engine and a new, much improved GUI. In the past, Pflaging said, the product was mostly designed to pass information to other applications or to respond to command line searches and reports.
The company also has added real-time detection and prevention functions to SenSage 3.0, and it has added the ability to block actions in real time. Pflaging said most customers are actually using SenSage for ensuring regulatory compliance.
He said companies must be able to prove that theyre taking required security actions, and to do that, they must save security logs that demonstrate their actions. SenSage 3.0 is able to store the complete text of every security event in the enterprise for easy retrieval.
"Everybody else normalizes their data and only takes pieces of it," said Paul Proctor, vice president of security and risk strategies at analyst firm The META Group. "If you can do that job right, it has value for organizations that require it," Proctor said. He said there are times a company might need data that was not kept when it was stored, which could cause problems. "Legally, it could be better to have all of the data," he said.
Proctor said SenSages approach creates challenges because of the sheer volume of data involved. He said it could be hundreds of gigabytes a day, and many terabytes of data every year. Proctor said organizations will have to make a decision about which route they plan to take for security and compliance management. He said there are three value propositions. The first is for organizations that need real-time security analysis, the second for archive analysis and the third to address regulatory requirements.
Each of those choices changes whether the organization is trying to study immediate threats, or long-term threats created by peoples actions over time. "You have to decide whether youre looking at actions or events," Proctor said.
Pflaging admitted that his companys new direction is taking it into a position of competing with its former partners. "Active partnerships are less important," he said, "We offer a total solution now." Pflaging said he expects that a few partners will continue to work with SenSage, and he said the software now will work with any of the big management frameworks, such as Hewlett-Packards OpenView or IBMs Tivoli.
Pflaging said one priority of the new management team was to extend the functionality of the product and to make it ready for enterprise deployment. He said the product is now ready to meet those requirements.