Enterprises look for help managing security logs


Managed security services have been growing in popularity over the past several years, and the latest task enterprises are looking to offload to an outside provider is security information management.

SIM equipment can centralize event and log management information from security devices and computers, but the drawbacks to its use include up-front costs, complex installations and hiring the expertise to manage it. Increasingly, another way to get the benefits of SIM is through a managed service, a trend that Gartner says is really starting to roll.

SIM as a managed service only started to gain momentum within the past two years, largely due to compliance mandates such as the Payment Card Industry (PCI) data security requirements, says Gartner analyst Kelly Kavanagh. (SIM is sometimes referred to as security information and event management, or SIEM.)

Managed SIM options range from as simple as centralizing log collection and reporting, to as complex as event correlation and round-the-clock security-event monitoring. Though Gartner is only now starting to build an estimate of market size -- it's probably less than $US100 million today -- players that offer SIM as a managed service are said to include SecureWorks, Tata, IBM, AT&T, BT, Verizon Business, Symantec and Trustwave, among others.

With SIM as a managed service, "they're really talking about managing the log infrastructure for the company, taking the logs for a compliance regimen," Kavanagh says. Occasionally SIM as a managed service will entail "complex correlation, perhaps related to network alerts from firewalls and switches, information that may seem to be related," he notes, and a service might provide an analyst to monitor events round the clock.

Businesses that bet on managed SIM services say they are finding it can be a cost-effective way to quickly get the benefits of SIM without the up-front cost of equipment.

"We looked at doing it in-house, but for us, it didn't make sense," says Cameron Pumphrey, director of IT at restaurant chain Fuddruckers. The company directly manages IT for more than 100 of its corporate restaurants, plus keeps track of PCI-related compliance matters for about 160 franchises which operate more independently.

Not only did the up-front costs of doing it in-house seem high -- SIM equipment can easily reach into the half-million dollar range -- but also Fuddruckers realized it would have to hire SIM experts to make it all work.

Largely based on information gleaned from conversations with peers, just over a year ago Pumphrey decided to try SIM as a managed service, selecting Trustwave to monitor about 500 log files at least once daily on behalf of Fuddruckers, triggering an alarm if suspicious events arise.

"Trustwave has a box we put in here," Pumphrey says, and logs are centralized and sent to Trustwave's data center via secure connections. Fuddruckers had to ensure its restaurants have sufficient bandwidth to support SIM as a service. But so far, it's worked well for PCI compliance purposes -- with Fuddruckers assuming a monthly cost based on numbers of software agents deployed as collectors.
