Symantec released its latest security information management product on Jan. 16, an appliance that promises to help businesses more effectively correlate and store data related to almost every element of their IT defenses.
Dubbed the Symantec Security Information Manager 4.5, the new appliance is billed as helping organizations better collect and prioritize information about security-oriented events, track how they respond to incidents, and feed related data into their compliance automation systems.
Symantec executives said the company spent considerable time attempting to tailor the new SIM appliance to integrate with compliance-oriented technologies, as customers are increasingly blending those efforts with their overall security strategies.
Much as customer tastes have pushed the anti-virus market leader to package its various malware-fighting programs into integrated sets of applications, versus individual point products, companies are looking for SIM technologies that offer a unified view into all of their security issues, company officials said.
Among the most significant additions in the SIM product to that end are tools that promise to help companies meet audit and compliance requirements for security monitoring and log storage, said Sandeep Kumar, senior director of product management for Compliance and Security Management at Symantec, based in Cupertino, Calif.
By expanding the role of SIM technology beyond the mere cataloguing of security incidents and tying the tools directly to compliance systems, Symantec believes that it can help businesses take a more comprehensive approach to IT governance and risk management, he said.
“These companies have been working with a range of different devices and applications over the last several years as compliance has become such a significant piece of security, they’re generating tons of data, but it remains very hard to correlate everything and tie back into a single viewpoint,” Kumar said.
“In many cases, companies are paying a lot of money to outside consultants to try and gather and make sense of all their security and compliance information, but believe that most of this work can be done via a more strategic approach to SIM.”
In addition to new features that support longer archiving of security events and logs, a key part of supporting compliance efforts, the 4.5 release offers a wider range of automated report templates for distributing information to different workers, including security professionals, regulatory auditors and line-of-business executives.
Another addition is the inclusion of the product’s maiden Web services API (application programming interface), which can be used to publish event information to other systems and further integrate the SIM device with help desk applications.
The SIM box also offers support for multiple domains, allowing companies to partition the device to support different business groups or operations teams independently, and to more concisely assign domain and role attributes to various groups of users.
By creating a more powerful, centralized SIM system that can be integrated directly into compliance automation applications made by different vendors, Symantec believes it can provide a virtual security brain that oversees control and policy for dealing with any type of threat or vulnerability.
“We think that this product can specifically replace and augment a lot of the disparate tools that enterprises are dealing with and help them gain a far more clear view of what is actually going on in their operations,” Kumar said.
“And everyone isn’t buying technology from one vendor, so it’s important to have something like an API which allows companies to a standards-based approach to address this problem. We believe we can help companies work across their existing silos of data.”
Much as with gateway security systems, Symantec contends that customers are increasingly favoring hardware-based systems, such as the new SIM appliance, in the name of protecting IT systems performance and simplifying management of the applications carried onboard.
The company maintains that the device, which starts at roughly $50,000, will appeal not only to large end-user organizations, but also to smaller firms, based on growing demand from businesses of all sizes for integrated security and compliance management systems.
Industry watchers said that the Symantec SIM 4.5 release vastly improves on the company’s existing technologies, in particular in terms of providing users with more detailed information about previous security shortcomings and advising them how to solve related issues.
While the anti-virus leader is still not considered the top dog in SIM, where smaller startups including ArcSight and Network Intelligence have risen to the top, the new offering makes Symantec a much more serious player in the space, said Paul Stamp, an analyst with Forrester Research in Cambridge, Mass.
“This release makes up for previous shortcomings in their products, largely around historical analysis, and appears to give people a much clearer understanding of what they’re doing right and wrong, both with security and compliance,” Stamp said.
“Symantec still has a lot of work to do to become more of a leader in this niche, and it’s a crowded marketplace, but people are always asking for integrated tools and that will continue to be Symantec’s greatest strength.”