New SEM products add extra choices

Choices in security event management (SEM) continue to grow as three SEM vendors debut products that ease central collection and analysis of log and event data generated by firewalls, intrusion-detection systems and other net gear.

ArcSight next month plans to make available an updated version of its Enterprise Security Management software, adding a way to pinpoint suspicious activity on monitored network equipment based on insiders' patterns of time and activity, both in real time and through historical analysis.

Competitor Network Intelligence this month trotted out the third version of its SEM product, enVision, expanding it for use by regulatory-policy compliance managers who want specific reports and alerts related to financial databases.

And a new player in SEM, High Tower Software, is shipping the SEM 3210 appliance, purported to not only centrally collect and identify security data from equipment, but also to propose strategies for dealing with identified problems.

In each case, the SEM vendors are out to grab attention with features others don’t yet have: Network Intelligence with monitoring reports and alerts tailored to compliance officers rather than just security managers; ArcSight with its operational time analysis to profile an individual’s network usage based on the user’s role in the organization and nature of the application; and High Tower, with a new SEM product with remediation advice.

While analysts appreciate the evidence of continuous improvements they’ve seen for half a decade from the SEM vendors, they say this month’s product rollouts are par for the course in a market that is overcrowded with contenders, ripe for consolidation, and where products are too expensive.

“At US$125,000 to US$150,000 just to get started, it’s way too high,” said Gartner analyst John Pescatore about the underlying problem hindering adoption of SEM products, even as they undergo constant improvement.

“There are way too many suppliers and they all sound alike.” Pescatore said Gartner counts ArcSight, Intellitactics, eSecurity, SenSage and Network Intelligence among the more prominent pure-play SEM vendors.

He added that Cisco, Check Point, Symantec and Internet Security Systems also compete in the market. Primarily because of its expense, adoption of SEM (alternately known as security information management or security information and event management) has only slowly found an audience, mainly in mid- to large-sized companies.

Larger companies have typically had the greatest need for a central reporting point for analyzing and prioritizing the huge amount of syslog, authentication and attack data generated each day by sensors, firewalls, antivirus, as well as switches, routers and servers.
