Security Software Tools Expected to Mature in Small-to-Medium Businesses

As midsize companies continue to struggle with the same security concerns as larger enterprises while using drastically fewer resources, some analysts and IT managers believe that in the coming years they will begin to turn en masse to security information management (SIM) tools to help bridge the gap.

A recent report by Forrester Research predicts that in the next four years the number of SIM customers with fewer than 1,000 employees will skyrocket. Currently, small-to-medium businesses make up less than 1 percent of the SIM market, but Forrester believes that by 2011 these businesses will account for nearly 30 percent of the market.

The midsize move to acquire SIM technology will be a part of an overall jump in the SIM market, wrote Forrester analyst Paul Stamp. He believes that overall spending on SIM will shoot up from $524 million this year to $1.13 billion in 2011.

“Customers are looking more closely at how to streamline both the incident response process, which requires real-time identification of the incident, and the ability to query historical data for previous egregious activity,” he wrote. “Regulations and contractual mandates often go further than producing audit reports, too, requiring real time alerts when policies are violated on critical systems.”

According to a recent study conducted by CIO Insight, SMBs suffer a similar number of security breaches as big companies, but they usually don’t have the staff or the tools to quickly understand their causes and effects in order to respond properly to them.

As SIM price points drop and the technology matures, Stamp believes that the technology will enable SMBs to get a better handle on these incidents.

As an early adopter of SIM within the SMB market, TruMark Financial Credit Union is a prime example of how the technology can make a big difference within a small organization. This Philadelphia-area credit union services approximately 80,000 members with just 250 employees.

According to Matt Roedell, vice president of information security and network management for TruMark, the company deployed SIM technology from TriGeo Network Security to get a better real-time view of security events and deal with them quickly before they ever have a chance to snowball. He calls the technology the “backbone” of TruMark’s security program.

“One of the problems you face without SIM is your inability to know in real-time what is happening in your environment. (Before SIM) there was no single tool that brought together an overview of our environment in real time,” Roedell said. “Unless you know what is happening there is no way you can be proactive in nature and start your incident response to investigate these events before they become something big.”

He says that the traditional intrusion detection and prevention systems that many of his colleagues rely upon do nothing more than fill a massive log of events that many small businesses don’t have the resources to monitor or sift through in order to make use of the data.

“You deploy probes around your network and what you get is a bunch of emails that say ‘This trigger’s gone, that trigger’s gone.’ But there’s not a whole lot of correlating,” he said. “Typically you would get that email–if anyone was even looking at it–and it is possible by the time you even see it, it is too late and your network is saturated, your T1s are saturated, you can’t get to your equipment to even try to troubleshoot it or turn anything off.”

TruMark uses TriGeo to automatically prioritize and correlate events in order to provide the IT department with actionable recommendations to prevent major problems. Roedell says that his SIM makes it possible to secure his environment with the help of only one other security practitioner. He believes that this efficiency is a key driver for SIM within a smaller organization.

“If you can implement SIM you can enable people to do more of what they’re supposed to do. You can either pay someone to sit and look at logs all day, and it’s never going to work right, or you can have people working on proactive measures all day and use this as a tool to alert them to more significant events so that they can be more productive,” he said. “Staffing is a larger concern the smaller you are. What SIM does is enable you to not have to employ a whole bunch of top-end security professionals. You can have someone implement it and baseline it correctly, and then it can be managed by other individuals once you have it configured.”