Security management advances

Three new products hitting the market.

By Ellen Messmer, Network World
October 10, 2005 12:09 AM ET

Choices in security event management continue to grow as three SEM vendors debut products that ease central collection and analysis of log and event data generated by firewalls, intrusion-detection systems and other net gear.

ArcSight next month plans to make available an updated version of its Enterprise Security Management software, adding a way to pinpoint suspicious activity on monitored network equipment based on insiders' patterns of time and activity, both in real time and through historical analysis.

Competitor Network Intelligence this week is set to trot out the third version of its SEM product, enVision, expanding it for use by regulatory-policy compliance managers who want specific reports and alerts related to financial databases. And a new player in SEM, High Tower Software, is shipping the SEM 3210 appliance, purported not only to centrally collect and identify security data from equipment, but also to propose strategies for dealing with identified problems.

In each case, the SEM vendors are out to grab attention with features others don't yet have (see graphic): Network Intelligence with monitoring reports and alerts tailored to compliance officers rather than just security managers; ArcSight with its operational time analysis to profile an individual's network usage based on the user's role in the organization and nature of the application; and High Tower, with a new SEM product with remediation advice.

While analysts appreciate the evidence of continuous improvements they've seen for half a decade from the SEM vendors, they say this week's product rollouts are par for the course in a market that is overcrowded with contenders, ripe for consolidation and where products are too expensive.

"At $125,000 to $150,000 just to get started, it's way too high," says Gartner analyst John Pescatore about the underlying problem hindering adoption of SEM products even as they undergo constant improvement. "And there are way too many suppliers and they all sound alike."

Pescatore says Gartner counts ArcSight, Intellitactics, eSecurity, SenSage and Network Intelligence among the more prominent pure-play SEM vendors, adding that Cisco, Check Point, Symantec and Internet Security Systems also compete in the market.

Primarily because of its expense, adoption of SEM - alternately known as security information management or security information and event management - has only slowly found an audience, mainly in mid- to large-sized companies.

Larger companies have typically had the greatest need for a central reporting point for analyzing and prioritizing the huge amount of syslog, authentication and attack data generated each day by sensors, firewalls and anti-virus, as well as switches, routers and servers. Today, most SEM gear also gives them real-time alerts and some correlation of events to better identify the nature of a specific threat.

Companies adopting SEM say it's invaluable for security managers who need to stay on top of what's transpiring across the network.
