Symantec Upgrades Security Information Management Appliance - InformationWeek

Web services API facilitates data collection. Improved data compression for storing files, as well as improved data correlation and reporting, are also on tap.

All of our efforts to defend against proliferating security threats while complying with endless regulations have one thing in common: They're creating more data for security pros to sift through, a major problem given the near-instant response time that's expected of them.

The promised land? Security information management products that pull timely, relevant information from the logs of various security systems network-wide. These systems detect threats, issue alerts, and generate reports, presenting reams of data in a more digestible and easier-to-act-on format.

The new version of Symantec's SIM appliance includes a Web services API that provides a standardized format for collecting data from intrusion detection and prevention systems, firewalls, patch and asset management systems, and a variety of security applications. Symantec SIM 4.5, starting at $50,000, also improves data compression for storing those files, as well as data correlation and reporting.

The compression feature is essential, especially as companies must preserve their data longer, says Adam Gray, CTO of IT services firm Novacoast. The company has been using a prerelease of Symantec SIM 4.5 since November to aggregate and evaluate its daily data load, which varies from a couple of hundred megabytes to 2 Gbytes.

Novacoast archives security event data for 90 days. With version 4.5, it puts its archive into a flat file, compresses the file, and stores it in a direct-attached storage device. Without the improved compression, should Novacoast need to archive events for years, "that would just be a disaster for us, although it would make the disk manufacturers happy," Gray says. He also likes the additional report templates available in the 4.5 version, which he finds are easier to read.

SIM Market Share

Ideally, SIM systems bring together event records, prioritize incidents, separate real security violations from false alarms, and aggregate security events from different locations, devices, and manufacturers, IDC analysts Charles Kolodgy and Rose Ryan wrote in a December report. Symantec, now fourth in a market that IDC pegs at $478 million and growing 25% a year, hopes the improvements to its appliance will help it catch market leaders ArcSight, NetForensics, and Network Intelligence (for which EMC paid $175 million in September). Last month, ArcSight increased storage capacity and compression on its Logger appliance.
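The two passages above describe, in outline, what a SIM does with the data it collects: normalize events from unlike sources into one schema, correlate and rank them across devices, and archive the result as a compressed flat file kept for a retention window (90 days in Novacoast's case). The following Python sketch is an added example, not code from Symantec, Novacoast or the article; the firewall and IDS line layouts, the severity scale, the scoring rule and the archive file names are all constructed for illustration and do not represent any vendor's real format.

```python
"""Toy SIM pipeline (added example, not Symantec's code): normalize events from
two constructed log formats into one schema, correlate and rank them, then
archive the day's events as a gzip-compressed flat file with 90-day retention."""
import gzip
import json
import os
import re
import tempfile
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample input. Field layouts are invented for this example.
FIREWALL_LINES = [
    "2007-01-15T10:00:01 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2007-01-15T10:00:02 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=22",
    "2007-01-15T10:00:03 fw1 DENY src=203.0.113.7 dst=192.0.2.11 dport=22",
    "2007-01-15T10:05:00 fw2 ALLOW src=198.51.100.4 dst=192.0.2.20 dport=443",
]
IDS_LINES = [
    "2007-01-15T10:00:05 ids1 [Priority: 2] SSH brute force {TCP} 203.0.113.7 -> 192.0.2.10",
    "2007-01-15T11:30:00 ids1 [Priority: 3] ICMP ping sweep {ICMP} 198.51.100.9 -> 192.0.2.0/24",
]
FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r"^(\S+) (\S+) \[Priority: (\d)\] (.+?) \{(\w+)\} (\S+) -> (\S+)$")
# Example severity policy for the common schema (assumed, not a vendor scale).
SEVERITY = {"fw.deny": 1, "fw.allow": 0, "ids.alert": 2}


def normalize(line, source_kind):
    """Map one raw line into the common schema; return None for lines that do
    not parse, so malformed input never reaches correlation or the archive."""
    if source_kind == "firewall":
        m = FW_RE.match(line)
        if not m:
            return None
        ts, device, action, src, dst, dport = m.groups()
        kind = "fw." + action.lower()
        return {"ts": ts, "device": device, "src": src, "dst": dst,
                "type": kind, "detail": f"dport={dport}", "severity": SEVERITY[kind]}
    if source_kind == "ids":
        m = IDS_RE.match(line)
        if not m:
            return None
        ts, device, prio, sig, proto, src, dst = m.groups()
        # IDS priority 1 is most urgent; fold it onto the common severity scale.
        sev = SEVERITY["ids.alert"] + (3 - int(prio))
        return {"ts": ts, "device": device, "src": src, "dst": dst,
                "type": "ids.alert", "detail": sig, "severity": sev}
    return None


def correlate(events):
    """Group events by source address and rank them. A source reported by more
    than one device earns a bonus: that cross-device view is what a single
    log cannot provide. Returns (score, src, event_count, types) descending."""
    incidents = defaultdict(lambda: {"count": 0, "score": 0, "devices": set(), "types": set()})
    for e in events:
        inc = incidents[e["src"]]
        inc["count"] += 1
        inc["score"] += e["severity"]
        inc["devices"].add(e["device"])
        inc["types"].add(e["type"])
    ranked = [(inc["score"] + 2 * (len(inc["devices"]) - 1), src, inc["count"], sorted(inc["types"]))
              for src, inc in incidents.items()]
    return sorted(ranked, reverse=True)


def archive_day(events, day, archive_dir, retain_days=90):
    """Write the day's normalized events as one gzip-compressed JSON-lines flat
    file, prune archives older than the retention window, and return the
    compression ratio (raw bytes / compressed bytes) of the new file."""
    raw = "".join(json.dumps(e, sort_keys=True) + "\n" for e in events).encode()
    path = os.path.join(archive_dir, f"events-{day.isoformat()}.jsonl.gz")
    with gzip.open(path, "wb") as f:
        f.write(raw)
    cutoff = day - timedelta(days=retain_days)
    for name in os.listdir(archive_dir):
        m = re.match(r"events-(\d{4}-\d{2}-\d{2})\.jsonl\.gz$", name)
        if m and date.fromisoformat(m.group(1)) < cutoff:
            os.remove(os.path.join(archive_dir, name))
    return len(raw) / os.path.getsize(path)


def run_pipeline():
    """Normalize, correlate and archive the constructed sample day. A stale
    archive from outside the 90-day window is planted first so the pruning
    step has something to remove. Returns (ranked, ratio, remaining files)."""
    events = [normalize(line, "firewall") for line in FIREWALL_LINES]
    events += [normalize(line, "ids") for line in IDS_LINES]
    events = [e for e in events if e is not None]
    ranked = correlate(events)
    archive_dir = tempfile.mkdtemp()
    with gzip.open(os.path.join(archive_dir, "events-2006-09-01.jsonl.gz"), "wb") as f:
        f.write(b"{}\n")  # constructed stale archive, older than the cutoff
    ratio = archive_day(events, date(2007, 1, 15), archive_dir)
    return ranked, ratio, sorted(os.listdir(archive_dir))


if __name__ == "__main__":
    ranked, ratio, remaining = run_pipeline()
    for score, src, count, types in ranked:
        print(f"score={score:2d} src={src:15s} events={count} types={types}")
    print(f"compression ratio {ratio:.1f}x; archives kept: {remaining}")
```

Run as a script, the source seen by both the firewall and the IDS rises to the top of the ranking, the lone allowed connection scores zero, and only the current day's archive survives the pruning pass. Real deployments differ in every detail (schemas, scoring, storage), but the shape of the work, parse, correlate, compress, expire, is what the article's vendors are selling.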

SIM systems are too costly and complex for most small businesses, which instead collect reports from different security logs and do the threat correlation themselves. But that correlation is getting more difficult as new mandates, such as the amended Federal Rules of Civil Procedure, require businesses to retain electronic records longer in case they're needed in court. "The party line in the security community is to log everything, just in case," says William Bell, director of security at CWIE Holding.

Still, while the centralization of security info is appealing, Bell says he's more trusting of specialized data collection and reporting tools, such as Cisco's NetFlow log analyzer for network traffic. "Jack-of-all-trades" SIM systems aren't as effective, he says.

To broaden their appeal, Symantec and rivals must overcome such notions. If the vendors can deliver, they'll put managers in a better position to see, and act on, tomorrow's security threats today.
