18 December 2003

Event Management Systems Defend Against Information and Regulatory Overload

Security Event Management Systems Defend Against Information and Regulatory Overload: "

Yankee Group
Executive Summary

Network and security administrators daily must sift through terabytes of information written as access logs, intrusion detection system (IDS) alerts, and vulnerability and threat information. Most log information is archived without being read. Organizations also need to comply with regulations protecting the confidentiality and integrity of customer and financial information. Defining audit policies and managing log data have become pressing needs in regulated industries.

In this report, we discuss the market for security event management (SEM) systems, which are repositories for log information that manipulate and display the data in a meaningful way. Vendors created SEM systems to assist security administrators with developing policies, managing logs, responding faster to virus and hacker threats, and using the information available to continue improving defenses. SEM vendors are rising to these challenges with extensive device support, better correlation of events and robust data storage architectures. Exhibit 1 illustrates the distributed architecture of a leading security event management system.

The growing number of risks and increasing complexity of our security defenses guarantee SEM a place in the overall security solution and create an opportunity for overlapping network and systems management vendors to add value by integrating with a new breed of security solutions. This report defines a road map for the evolution of SEM. It profiles the leaders and challengers in this $90 million market and forecasts revenue growth for the next five years."

No comments:

Post a Comment