News Stay informed about the latest enterprise technology news and product updates.

Compliance-burdened CIOs turning to security management tools

Mounting regulations are forcing midmarket CIOs to implement real-time watchdog tools on their network. With big vendors catching on, the market has heated to a boil.

Compliance concerns and worries of security breaches are driving midmarket IT departments to security information and event management (SIEM) products in growing numbers, analysts at Gartner Inc. say.

And as the market for those network watchdog products heats up, small vendors are trying to hold their ground against industry heavyweights that see cash in what is still a relatively new product field.

SIEM products, sometimes known as security event management or security information management products, seek to track network activity and alert administrators to potential security threats. That goes beyond Web browsing activity and could mean catching user login failures or identifying malware as it's installed on a company computer, among other security threats.

But where large corporations have dedicated security IT staff, midmarket companies need simpler products that can be managed by a single staff member who carries a wider range of job responsibilities.

More on security information management
A new awareness for SIMs

Security information management finally arrives, thanks to enhanced features
The past three years have been a boon for the SIEM market, with 85% growth in 2005, followed by 52% and 30% growth in 2006 and 2007, respectively, according to research by Stamford, Conn.-based Gartner. Analysts at Gartner expect that growth to hold steady this year and drop off slightly in the following years as the market becomes saturated.

The increased demand for SIEM products, which commonly come as software or appliance offerings or a combination of the two, has driven CA Inc., IBM and other larger vendors into the market, bundling their SIEM products in a suite of security tools, according to Gartner.

Meanwhile, small SIEM companies are trying to hold their ground and grab their share of the growth by emphasizing the ease of use of their products and declaring themselves the experts on security breach notifications.

"It's very important that the product is extremely easy to use," said Dominique Levin, executive vice president of marketing, products and business development at San Jose, Calif.-based LogLogic Inc. The company sells a log management product with add-ons that claim to automate log management for specific compliance concerns like the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).

Like its peers, LogLogic sees the money in midmarket companies that may be operating without recording and notification products.

"In the large enterprise, it's definitely true that before we come on the scene, people are using homegrown solutions," Levin said.

TriGeo Network Security Inc., based in Post Falls, Idaho, pitches its SIEM appliance directly at the midmarket. Like LogLogic, the company sells its product as a simple one that can shoot security notifications to an administrator by phone, if necessary.

Michelle Dickman, CEO at TriGeo, said the company's SIEM is meant specifically for smaller IT departments. It isn't useful, she said, "when the IT departments are segmented and there isn't consensus about who gets to write the rules, there isn't consensus about what actions you can take. It's when you have a security operations center."

In a market overview written last year, Gartner analysts credited LogLogic as a leader in the SIM field but said it lacked the value of real-time notifications and event management. The analysts noted TriGeo's low cost and ease of use but said it won't work in a large deployment. Other notable vendors include ArcSight Inc. and NetIQ Corp.

You've got to be able to prove that 'Hey, not anyone can walk out of here with our entire member database.'
Matt Roedell
vice president of security management and infrastructureTruMark Financial Credit Union
Matt Roedell, vice president of information security and infrastructure at Pennsylvania-based TruMark Financial Credit Union, has been using TriGeo since taking over the 20-member IT department two years ago.

To install and use many SIEM devices, "you almost need a team of people," Roedell said.

"The smaller you get, the employees become more diverse," he said. "But their ability to become a guru in a particular area is limited."

That's where the new wave of SIEMs come in, allowing for a customized, more realistic level of security alerts. Roedell said he believes more CIOs will turn toward SIEM products as they look for simple, relatively affordable ways to satisfy regulatory requirements.

"You've got to be able to prove that, 'Hey, not anyone can walk out of here with our entire member database,'" he said.

Dickman agreed, saying the rise of PCI DSS, SOX and other auditing regulations means midmarket IT departments are realizing they can't write off log management and security event management any longer.

"The requirement for this data came down into the midtier," she said.

Let us know what you think about the story; email: Zach Church, News Writer

Dig Deeper on Risk management and compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.