Compliance concerns and worries of security breaches are driving midmarket IT departments to security information and event management (SIEM) products in growing numbers, analysts at Gartner Inc. say.
And as the market for those network watchdog products heats up, small vendors are trying to hold their ground against industry heavyweights that see cash in what is still a relatively new product field.
SIEM products, also sold as security event management (SEM) or security information management (SIM) products, collect log and event data from servers, applications and network devices, correlate it and alert administrators to potential security threats. That goes beyond monitoring Web browsing: it can mean catching repeated user login failures or identifying malware as it is installed on a company computer, among other security threats.
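To make the login-failure case concrete, here is a small example of the kind of correlation rule such a product runs. This is example code added to this article; it is not from LogLogic, TriGeo or any other vendor's product. It assumes sshd-style syslog lines (the host name, user names, addresses and the year supplied to the parser are all made up), a threshold of five failures from one source address within 60 seconds for a medium-severity alert, and raises a high-severity alert when a successful login follows such a burst.

```python
"""Minimal SIEM-style correlation over constructed sshd log lines.

Added example for this article, not code from any vendor named in it.
Assumptions: syslog lines in the sshd "Failed/Accepted password" format,
events arriving in chronological order, and a caller-supplied year
(syslog timestamps carry none).
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a password-guessing burst against "admin" from
# 203.0.113.7, one benign failure by "alice" from 198.51.100.4, then a
# successful login for "admin" from the guessing address.
SAMPLE_LOG = """\
Mar 12 10:00:01 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51012 ssh2
Mar 12 10:00:03 web01 sshd[2203]: Failed password for admin from 203.0.113.7 port 51013 ssh2
Mar 12 10:00:04 web01 sshd[2205]: Failed password for invalid user root from 203.0.113.7 port 51014 ssh2
Mar 12 10:00:06 web01 sshd[2207]: Failed password for admin from 203.0.113.7 port 51015 ssh2
Mar 12 10:00:07 web01 sshd[2210]: Failed password for alice from 198.51.100.4 port 40112 ssh2
Mar 12 10:00:09 web01 sshd[2212]: Failed password for admin from 203.0.113.7 port 51016 ssh2
Mar 12 10:00:15 web01 sshd[2215]: Accepted password for admin from 203.0.113.7 port 51017 ssh2
Mar 12 10:03:00 web01 sshd[2230]: Accepted password for alice from 198.51.100.4 port 40113 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


@dataclass
class Event:
    ts: datetime
    host: str
    outcome: str  # "Failed" or "Accepted"
    user: str
    ip: str


@dataclass
class Alert:
    severity: str
    kind: str
    ip: str
    user: str
    host: str
    ts: datetime
    detail: str


def parse_events(log_text, year):
    """Turn raw syslog lines into Event records; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real collector would count unparsed lines rather than drop them silently
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, m["host"], m["outcome"], m["user"], m["ip"]))
    return events


def correlate(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Apply two rules per source address using a sliding window of failed logins.

    Rule 1 (medium): at least `threshold` failures within `window` -> brute_force,
    raised once per address so a long burst does not flood the administrator.
    Rule 2 (high): an accepted login while that window is still over threshold
    -> success_after_brute_force, the case a human most needs to see promptly.
    """
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()
    alerts = []
    for ev in parse_events(log_text, year):
        q = recent_failures[ev.ip]
        while q and ev.ts - q[0] > window:  # expire failures that fell out of the window
            q.popleft()
        if ev.outcome == "Failed":
            q.append(ev.ts)
            if len(q) >= threshold and ev.ip not in flagged:
                flagged.add(ev.ip)
                alerts.append(Alert("medium", "brute_force", ev.ip, ev.user, ev.host, ev.ts,
                                    f"{len(q)} failed logins from {ev.ip} within "
                                    f"{int(window.total_seconds())}s"))
        elif len(q) >= threshold:
            alerts.append(Alert("high", "success_after_brute_force", ev.ip, ev.user, ev.host, ev.ts,
                                f"login for {ev.user} accepted after {len(q)} recent failures"))
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print(f"[{a.severity}] {a.kind} host={a.host} ip={a.ip} user={a.user} "
              f"at {a.ts:%H:%M:%S}: {a.detail}")
```

Run as written, the sample produces two alerts: a medium brute_force alert on the fifth failure from 203.0.113.7, then a high success_after_brute_force alert when "admin" logs in from that address six seconds later. Alice's single failure followed by a success three minutes later raises nothing, which is the point of keying the rule on a count within a window rather than on any failure at all.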
But where large corporations have dedicated security IT staff, midmarket companies need simpler products that can be managed by a single staff member who carries a wider range of job responsibilities.
The increased demand for SIEM products, which commonly come as software or appliance offerings or a combination of the two, has driven CA Inc., IBM and other larger vendors into the market, bundling their SIEM products in a suite of security tools, according to Gartner.
Meanwhile, small SIEM companies are trying to hold their ground and grab their share of the growth by emphasizing the ease of use of their products and declaring themselves the experts on security breach notifications.
"It's very important that the product is extremely easy to use," said Dominique Levin, executive vice president of marketing, products and business development at San Jose, Calif.-based LogLogic Inc. The company sells a log management product with add-ons that claim to automate log management for specific compliance concerns like the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).
Like its peers, LogLogic sees the money in midmarket companies that may be operating without recording and notification products.
"In the large enterprise, it's definitely true that before we come on the scene, people are using homegrown solutions," Levin said.
TriGeo Network Security Inc., based in Post Falls, Idaho, pitches its SIEM appliance directly at the midmarket. Like LogLogic, the company sells its product as a simple one that can shoot security notifications to an administrator by phone, if necessary.
Michelle Dickman, CEO at TriGeo, said the company's SIEM is meant specifically for smaller IT departments. It isn't useful, she said, "when the IT departments are segmented and there isn't consensus about who gets to write the rules, there isn't consensus about what actions you can take. It's when you have a security operations center."
In a market overview written last year, Gartner analysts credited LogLogic as a leader in the SIM field but said it lacked real-time notification and event-management capabilities. The analysts noted TriGeo's low cost and ease of use but said it is not suited to large deployments. Other notable vendors include ArcSight Inc. and NetIQ Corp.
To install and use many SIEM devices, "you almost need a team of people," Roedell said.
"The smaller you get, the employees become more diverse," he said. "But their ability to become a guru in a particular area is limited."
That's where the new wave of SIEMs comes in, letting a small department tune alerts to a level it can realistically act on. Roedell said he believes more CIOs will turn toward SIEM products as they look for simple, relatively affordable ways to satisfy regulatory requirements.
"You've got to be able to prove that, 'Hey, not anyone can walk out of here with our entire member database,'" he said.
Dickman agreed, saying the rise of PCI DSS, SOX and other auditing regulations means midmarket IT departments are realizing they can't write off log management and security event management any longer.
"The requirement for this data came down into the midtier," she said.
Zach Church, News Writer