Matt Roedell, vice president of infrastructure and information security at TruMark Financial Credit Union in Trevose, Pa., has a big dream for his layered security network: One day, his antivirus protection, firewall, intrusion-detection system and other security tools will use integrated, intelligent security-information and event-management techniques to stop fraudulent transactions.
An early adopter and big believer in SIEM (also called security event management or security information management), Roedell believes the technology will reach its full potential only when it's integrated into application and network security tools. Today SIEM comes in the form of stand-alone tools that collect, correlate and analyze event logs across a security infrastructure.
Roedell's wish is on its way to being granted, says Kelly Kavanagh, research analyst at Gartner. SIEM providers are making creative strides, moving from mere log collection to intelligent analysis, he says. As an example, he points to SIEM's newest use case: application-layer monitoring for fraud detection or internal threat management. Companies are putting SIEM alongside their traditional security tools to collect and analyze application-level events or transaction logs for the purpose of discovering transaction combinations that are indicators of fraud or misuse, he says.
Roedell calls SIEM, which has more than 20 competing vendors, one of the fastest-growing security markets, having a growth rate of more than 50% in 2006 and 30% in 2007, when estimated revenue topped $800 million. Large enterprise companies, such as CA, Cisco, EMC (its RSA security division), IBM, Novell and Symantec, have SIEM products, as do a host of smaller companies. These include ArcSight, High Tower Software, Intellitactics, LogRhythm, netForensics, Prism Microsystems, Q1 Labs, SenSage and TriGeo.
The first indications of the full integration that Roedell wants are starting to show up, too, Kavanagh says. Such companies as CA, IBM and Novell have started to bundle or integrate SIEM with other pieces of their portfolios, including identity-based access management; systems management; and IT governance, risk and compliance management offerings.