Report Card: Incite #8 - Security Management (oxy)Moron
This is the last report card for today. Tomorrow you'll get the remaining 4 and I'll put a close on 2006.
Stand-alone security information management (SIM) plateaus in 2006, as consolidation continues and the need for large-scale system integration makes acceptable time to value out of reach for all but the largest enterprises. Closed correlation systems increasingly take root as users swing towards homogeneity and ratchet back expectations on which devices really need to be integrated into the management system, while leveraging the reporting infrastructure for compliance purposes.
Grade: A
Original Days of Incite post: here
Incite Redux post: here
There is not much to say here, but “I TOLD YOU SO!” The security management business (really I mean SIEM here) is made up of the lucky (e-Security and Network Intelligence - who got acquired this year), the survivor (ArcSight – who is moving into other businesses like log management and network configuration fast), and the walking dead (everyone else). And the shake-out will be severe in 2007.
It's not that the ability to correlate security events isn't important. It's just not a stand-alone business. Cisco is moving a lot of their MARS appliances, mostly as a low-cost add-on to a network upgrade. So there is customer demand for a lower-cost option to help correlate events a bit better.
Let me also touch on the futility of security “dashboards” as a market because the reality is the infrastructure vendors are going to provide that capability as well. Cisco is moving in this direction and everyone else needs to. So look for focused niche vendors that offer competing capabilities to something like MARS for a low price point to be in high demand next year.
The one opportunity that is real in the security management space, which I didn’t see a year ago, is log management. Given forensic requirements and the need to do some of that correlation and analysis work, purpose-built log management products (not re-branded struggling SEM products) exit 2006 with a lot of running room.



Mike,
While you're at it, chalk up an "A" for The Daily Incite. You've certainly earned it.
For those that don't write a lot, it is wicked hard to come up with something innovative, fresh and entertaining day after day after day!
I've talked with a lot of people in the security industry who are avid readers that like to get in a few laughs at ourselves. Word spread fast that TDI is one of the good online reads for security events of the day.
You may not be able to grade yourself on this one, but I'm happy to give you two thumbs up.
Happy New Year!
Eric