SIM/ESM: Ripe for consolidation?

Consolidation could come in security information management market

Network/Systems Management Alert Network World
July 11, 2005 11:05 AM ET

Industry analysis by Beth Schultz, plus the latest news headlines.

Recently, Micromuse announced plans to augment its security information management products with its acquisition of GuardedNet, one of the longstanding players in the space.

This event was not a surprise. With limited differentiation among competing offerings, the SIM market has become highly competitive - as suggested by the number of competing taxonomies that describe it. Segment leaders ArcSight, e-Security, Intellitactics and netForensics, as well as challengers such as Network Intelligence and OpenService, increasingly go up against larger players like Computer Associates, NetIQ and Symantec - all competing for highly demanding integration efforts among the largest and most complex verticals.

In this atmosphere, GuardedNet had been particularly aggressive in its partnership efforts, so the acquisition was not unexpected, and will significantly shore up the competitive positioning of both Micromuse and the well-pedigreed GuardedNet team.

Does this signal the consolidation of SIM, particularly in light of Cisco’s acquisition of Protego Networks late last year? While the answer remains to be seen, SIM’s potential for complementing network and systems management has long been noted.

SIM aggregates and correlates security event data from a number of sources. As the market has matured, some SIM products have been positioned as enterprise security management (ESM) systems that can “close the loop” on security event management. This is why HP has multiple partnerships here, and even IBM has a Tivoli offering (though hardly on a par with ESM leaders).

Management vendors aren’t the only ones with an interest in SIM/ESM. Symantec continues to leverage its own management assets to beef up its enterprise strategy. Protego’s functionality has become a cornerstone of Cisco’s approach to security management - but the company partners with leaders such as netForensics when additional depth in SIM/ESM is required.

One of the more interesting security management partnerships is between EMC and SenSage. SenSage is differentiated by its ability to correlate meaningful data from a large body of unstructured information. Today, SenSage uses this capability in security analytics. Its technology could, however, become valuable to EMC in managing massive amounts of data, which could play a role in EMC’s forward-looking approach to information lifecycle management.

With so many potential suitors, why haven’t we seen more consolidation in SIM/ESM already? For one thing, leaders are still able to maintain competitive positioning - but also, the products are still maturing. The integration and correlation of multiple information sources is demanding enough, but security threats are constantly evolving, and their management poses some of the greatest challenges in IT. Some management tools may not yet be fully ready to integrate with ESM, since the nature of security event management can be outside the scope of what they can presently embrace.

Interest in SIM/ESM remains high, fueled in part by the increasing demands of regulatory compliance. Emerging trends such as service-oriented architectures also play a role, since SOAs will need centralized management of security issues originating from a number of sources. In this atmosphere, I doubt that any SIM/ESM vendor is going to want the $16.2 million paid for GuardedNet to set the bar for an exit.

Schultz is a longtime IT journalist.
