Several analysts with an eye on the security information management market are forecasting increased consolidation between vendors as SIM providers look to address their customers needs.
“I reckon the stand-alone SIM market will get sucked up by the larger systems management players-either that or SIM vendors will start to develop and acquire more systems management features,” said Paul Stamp, an analyst at Forrester Research in Cambridge, Mass.
Last year saw a number of acquisitions in the SIM and security event management space, including EMCs purchase of Network Intelligence and Novells acquisition of eSecurity.
“Consolidation is definitely happening inside the industry,” said Paul Proctor, an analyst at Stamford, Conn.-based research company Gartner.
Stamp said SIM tools must feed into the wider systems management and remediation process.
“Were also going to see a greater range of platforms covered, looking at databases and applications-which require a different methodology from looking at networks or [operating systems],” Stamp said. “At the application layer, youre looking for things which are much more specific to the business youre monitoring than, say, network events.”
Proctor said companies need to understand the value of the information contained inside the logs and how to leverage that with security products.
“I think that companies are challenged to get the right information out of these products that will actually deliver value in situations like the TJX situation,” he said.
Proctor cautioned businesses not to buy into the idea that a product will solve data integration issues, and companies should decide what they are trying to look for in the logs before buying a product.
Vijay Basani, CEO of Acton, Mass.-based eIQnetworks, said more comprehensive tools are key to minimizing the damage done by data breaches such as the recent problems at TJX. The footprints of that incident were hidden throughout the companys network, he said, and could have been discovered sooner.
“They could have taken the corrective action … and the same could be argued with any breach you are seeing out there,” Basani said.
In addition, companies are still waiting for providers to give them scalability, said Jon Oltsik, a senior analyst with the Enterprise Strategy Group in Milford, Mass. Individual SIM solutions often dont meet all the varied needs corporations are looking for, such as fulfilling both security event needs and helping to meet regulatory and industry compliance standards, he added, echoing comments from other analysts.
“Companies need a unified solution that will bridge the gap between the operations team and the security team, who primarily interface for turning high-level business policy into actionable rules, helping assess the potential impact of new threats as they arise, and coordinating incident response,” Stamp said. “At the moment, products are aimed at one or the other-either helping identify and remediate threats, or report on compliance with policy, but not both in an integrated solution.”
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
