New SEM products add extra choices

Choices in security event management (SEM) continue to grow as three SEM vendors debut products that ease central collection and analysis of log and event data generated by firewalls, intrusion-detection systems and other net gear.

ArcSight plans next month to make available an updated version of its Enterprise Security Management software, adding a way to pinpoint suspicious activity on monitored network equipment based on insiders' patterns of time and activity, both in real time and through historical analysis.

Competitor Network Intelligence this month trotted out the third version of its SEM product, enVision, expanding it for use by regulatory-policy compliance managers who want specific reports and alerts related to financial databases.

And a new player in SEM, High Tower Software, is shipping the SEM 3210 appliance, purported not only to centrally collect and identify security data from equipment, but also to propose strategies for dealing with identified problems.

In each case, the SEM vendors are out to grab attention with features others don’t yet have: Network Intelligence with monitoring reports and alerts tailored to compliance officers rather than just security managers; ArcSight with its operational time analysis to profile an individual’s network usage based on the user’s role in the organization and nature of the application; and High Tower, with a new SEM product with remediation advice.

While analysts appreciate the evidence of continuous improvements they’ve seen for half a decade from the SEM vendors, they say this month’s product rollouts are par for the course in a market that is overcrowded with contenders, ripe for consolidation, and where products are too expensive.

“At US$125,000 to US$150,000 just to get started, it’s way too high,” said Gartner analyst John Pescatore about the underlying problem hindering adoption of SEM products, even as they undergo constant improvement.

“There are way too many suppliers and they all sound alike.” Pescatore said Gartner counts ArcSight, Intellitactics, eSecurity, SenSage and Network Intelligence among the more prominent pure-play SEM vendors.

He added that Cisco, Check Point, Symantec and Internet Security Systems also compete in the market. Primarily because of its expense, adoption of SEM (alternately known as security information management or security information and event management) has only slowly found an audience, mainly in mid- to large-sized companies.

Larger companies have typically had the greatest need for a central reporting point for analyzing and prioritizing the huge amount of syslog, authentication and attack data generated each day by sensors, firewalls, antivirus, as well as switches, routers and servers.
