Security management, compliance and the cloud

Forrester Research analyzes the past, present and future of security information vendors and products.
Network/Systems Management Alert By Denise Dubie , Network World , 05/13/2009

Security information management (SIM) technologies have experienced a pretty rocky ride since emerging earlier this decade, industry watchers say, and the ride isn’t over yet for those ready to adapt to customers’ changing needs.

According to Forrester Research, SIM technology drew in enterprise security managers looking to reduce the noise among multiple security devices distributed in large environments, but lost some ground when IDS and IPS technology gained intelligence. SIM products initially used data aggregation and event correlation features similar to those of network management software and applied them to event logs generated from security devices such as firewalls, proxy servers, IDS and IPS devices, and antivirus software. SIM products also normalized data -- that is, they translated Cisco and Check Point Software alerts, for example, into a common format so the data could be correlated with one system. Like network management software, SIM tools generally consist of server software, agents installed either on servers or security devices, and a central management console.

“They transformed noisy, low-level security event information generated by firewalls and intrusion-detection system (IDS) devices into alerts that could be readily comprehended by security analysts,” reads the recent Forrester report “Market Overview: Security Information Management (SIM).”  “By correlating events from multiple devices and products, SIM products provided much-needed context and support for decision-making.”
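
The normalization and correlation steps described above, as an added example that is not from the article or the Forrester report: two constructed log formats (hypothetical, not actual Cisco or Check Point output) are mapped to a common record, and one alert is raised when a firewall and an IDS report the same source and destination within 60 seconds. The field names and the 60-second window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two made-up vendor formats (not real product output).
FIREWALL_LOG = [
    "2009-05-13T10:00:01|fw01|DENY|tcp|203.0.113.7:40112|10.0.0.5:22",
    "2009-05-13T10:00:03|fw01|DENY|tcp|203.0.113.7:40113|10.0.0.5:23",
    "2009-05-13T10:00:09|fw01|DENY|tcp|198.51.100.9:51000|10.0.0.8:445",
]
IDS_LOG = [
    "ts=2009-05-13T10:00:05 sensor=ids02 sig=port-sweep src=203.0.113.7 dst=10.0.0.5",
    "ts=2009-05-13T10:07:00 sensor=ids02 sig=port-sweep src=198.51.100.9 dst=10.0.0.8",
]

def normalize_firewall(line):
    """Pipe-delimited firewall record -> common event dict (ports dropped)."""
    ts, device, action, _proto, src, dst = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "device": device, "kind": "firewall",
            "event": action.lower(), "src": src.rsplit(":", 1)[0],
            "dst": dst.rsplit(":", 1)[0]}

def normalize_ids(line):
    """key=value IDS record -> the same common event dict."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"ts": datetime.fromisoformat(f["ts"]), "device": f["sensor"], "kind": "ids",
            "event": f["sig"], "src": f["src"], "dst": f["dst"]}

def correlate(events, window=timedelta(seconds=60)):
    """One alert per (src, dst) pair reported by both device kinds within `window`."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        fw = [e for e in evs if e["kind"] == "firewall"]
        ids = [e for e in evs if e["kind"] == "ids"]
        if any(abs(a["ts"] - b["ts"]) <= window for a in fw for b in ids):
            alerts.append({"src": src, "dst": dst, "events": len(evs),
                           "devices": sorted({e["device"] for e in evs})})
    return alerts

def run():
    events = [normalize_firewall(l) for l in FIREWALL_LOG]
    events += [normalize_ids(l) for l in IDS_LOG]
    return correlate(events)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Five raw lines collapse into one alert; the second source is not alerted on because its firewall and IDS events are almost seven minutes apart.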

According to a Forrester survey of 1,335 security decision-makers, 32% buy SIM technology for compliance and reporting, followed by 21% for incident investigation and 13% for log management. And Forrester says the market now is made up of more than 20 “major competitors” that fall into three categories. “Old-school” SIM vendors, upstarts focusing more on log management and cloud specialists now compete for budget dollars from security decision-makers, Forrester says. In fact, the research firm says cloud may be the way of the future for SIM, despite the hesitance to send security functions outside of an enterprise environment.

Now with compliance demands such as Payment Card Industry Data Security Standard (PCI DSS), SIM products are once again gaining considerable attention, but Forrester analysts predict the market will contract again with fewer niche product providers and give way to SIM via cloud services.

“Security functions previously thought to be strictly in-house competencies – like e-mail hygiene and antivirus – are moving to online specialists who have scale and skills,” the report reads. “SIM bears all the hallmarks of a technology ripe for outsourcing; significant infrastructure storage requirements and fixed costs; high scaling requirements for event collection servers; similar data source connectivity requirements across customers; and a compliance mandate -- PCI DSS – with highly prescriptive technical requirements.”

Denise Dubie is senior editor with Network World.
Comments (3)
SIEM SHAM
By Anonymous on May 13, 2009, 10:05 am

"I f@rt in your general direction..." just about sums up my feelings about SIEM tools. Aggregation and correlation of what? Sure, they're designed to cut out the...

There is SIM and SEM, you talk SIM and then define SEM...
By Anonymous on May 13, 2009, 11:17 am

There is SIM and SEM, you talk SIM and then define SEM. SIM is required for PCI, SEM is not. SEM is "real-time", SIM may not be. Do you have to follow Gartner...

SIEM SHAM rewrite
By Chris Poulin on August 26, 2009, 4:39 pm

Anonymous' post (see SIEM SHAM) is so filled with misinformation and mixes together SIEM and IPS, which address fundamentally different challenges, s/he must have...