SIEM: A Market Snapshot


If you're not familiar with SIEM technology, you soon will be. This fast-growing security segment is now part of the product lineup of all the top security vendors. Here's a snapshot of this emerging space.

WHAT IS SIEM?
Security Information and Event Management solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. The objective: To help companies respond to attacks faster and organize mountains of log data.

SIEM solutions come as software, appliances or managed services. Increasingly, SIEM solutions are being used to log security data and generate reports for compliance purposes.

MARKET ON THE RISE
Fueled originally by stealthy threats such as worms and more recently by compliance, the SIEM market is projected to grow from about $380 million last year to $873 million in 2010, according to research firm IDC.

RSA Security, the security division of EMC, estimates that the SIEM market is expanding at a rate of between 25 percent and 35 percent annually.

WHAT'S DRIVING THE SIEM MARKET?
A number of factors are behind the SIEM market's ascent. Here are some:

• SIEM is ideal for compliance and reporting.
• SIEM technology gives a view of internal and external threats.
• SIEM solutions improve operational efficiencies and cut administrative costs.
• The technology is flexible and can be made into a managed service.

THE PLAYERS
In 2006, IBM, Novell and EMC bought their way into the SIEM market, leaving ArcSight, with its Enterprise Security Manager product, as the current market leader.

Network Intelligence, which EMC acquired in September, previously occupied that spot on the strength of its enVision product, used by many MSSPs to deliver SIEM-as-a-service. IBM acquired Consul and Micromuse, and Novell bought e-Security to get into this space. In addition, Attachmate acquired NetIQ.

Although Cisco's MARS appliance is sometimes seen as a SIEM product, solution providers said it focuses mainly on the event management portion of SIEM as opposed to logging data for forensics purposes.

Here's a rundown of other SIEM vendors and their products:

• Check Point - Eventia
• LogLogic - ST and LX appliances
• eIQ Networks - SecureVue
• CA - eTrust Security Command Center
• Symantec - SIM appliance
• SenSage - Enterprise Security Analytics (ESA)
• Q1 Labs - QRadar

IMPLEMENTATION CHALLENGES
SIEM is a complex technology, and the market segment remains in flux. Solution providers getting into the space face the following challenges:

• SIEM solutions require a high level of technical expertise.
• SIEM vendors require extensive partner training and certification.
• Continued market consolidation could break partnerships with SIEM vendors.
• Sales cycles are long and complicated.
• SIEM vendors have been slow in embracing the channel.

