WHAT IS SIEM?
Security Information and Event Management solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. The objective: To help companies respond to attacks faster and organize mountains of log data.
SIEM solutions come as software, appliances or managed services. Increasingly, SIEM solutions are being used to log security data and generate reports for compliance purposes.
MARKET ON THE RISE
Fueled originally by stealthy threats such as worms and more recently by compliance, the SIEM market is projected to grow from about $380 million last year to $873 million in 2010, according to research firm IDC.
RSA Security, the security division of EMC, estimates that the SIEM market is expanding at a rate of between 25 percent and 35 percent annually.
WHAT'S DRIVING THE SIEM MARKET?
A number of factors are behind the SIEM market's ascent. Here are some:
SIEM is ideal for compliance and reporting.
SIEM technology gives a view of internal and external threats.
SIEM solutions improve operational efficiencies and cut administrative costs.
The technology is flexible and can be made into a managed service.
In 2006, IBM, Novell and EMC bought their way into the SIEM market, leaving Arcsight, with its Enterprise Security Manager product, as the current market leader.
Network Intelligence, which EMC acquired in September, previously occupied that spot on the strength of its enVision product, used by many MSSPs to deliver SIEM-as-a-service. IBM acquired Consul and Micromuse, and Novell bought e-Security to get into this space. In addition, Attachmate acquired NetIQ.
Although Cisco's MARS appliance is sometimes seen as a SIEM product, solution providers said it focuses mainly on the event management portion of SIEM as opposed to logging data for forensics purposes.
Here's a rundown of other SIEM vendors and their products:
Check Point - Eventia
LogLogic - ST and LX appliances
eIQ Networks - SecureVue
CA - eTrust Security Command Center
Symantec - SIM appliance
SenSage - Enterprise Security Analytics (ESA)
Q1 Labs - QRadar
SIEM is a complex technology, and the market segment remains in flux. Solution providers getting into the space face the following challenges:
SIEM solutions require a high level of technical expertise.
SIEM vendors require extensive partner training and certification.
Continued market consolidation could break partnerships with SIEM vendors.
Sales cycles are long and complicated.
SIEM vendors have been slow in embracing the channel.