Security information-management (SIM) products (also referred to as Security Event Management wares) automate the manual process of collecting security-specific event-log data from file systems, security appliances and other network devices. The latter include firewalls, proxy servers, intrusion-detection systems, intrusion-prevention systems, routers and switches, and antispam, antivirus and antispyware software.
SIM has data-aggregation and network event-correlation features similar to those found in network management software.
The market of late has focuses on three areas of improvement for these products – boosting their performance (how fast can you collect security information without missing an event?), tying specific security events to specific user identities and beefing up their reporting capabilities that help companies with security compliance issues (how can you help the security manager sort through the real security issues and those that are merely false-positive alerts?). While the market remains strong for SIM point products, traditional network-management vendors have been buying SIM vendors with the announced intention of integrating the security-specific event.
Additional resources
SIM Buyer's Guide
Detailed specs on SIM products.
