SIM equipment can centralize event and log management information from security devices and computers, but the drawbacks to its use include up-front costs, complex installations and the need to hire the expertise to manage it.
SIM as a managed service started to gain momentum only within the past two years, largely due to compliance mandates such as the Payment Card Industry (PCI) data security requirements, says Gartner analyst Kelly Kavanagh. Managed SIM options range from something as simple as centralizing log collection and reporting to something as complex as event correlation and round-the-clock security-event monitoring.
Occasionally SIM as a managed service will entail “complex correlation, perhaps related to network alerts from firewalls and switches, information that may seem to be related,” he notes, and a service might provide an analyst to monitor events round the clock.
The company directly manages IT for more than 100 of its corporate restaurants, and keeps track of PCI-related compliance matters for about 160 franchises that operate more independently. Not only did the up-front costs of doing it in-house seem high — SIM equipment can easily reach into the half-million-dollar range — but also Fuddruckers realized it would have to hire SIM experts to make it all work.
Largely based on information gleaned from conversations with peers, just over a year ago Pumphrey decided to try SIM as a managed service, selecting Trustwave to monitor about 500 log files at least once daily on behalf of Fuddruckers, triggering an alarm if suspicious events arise.
“We see ourselves as a managed alternative to what customers might want to do themselves with ArcSight or Q1 Labs,” says Dan Schleifer, senior product manager for managed security services at Trustwave, referring to two well-known SIM product vendors.
That’s the approach that service provider FishNet is taking, according to CEO Gary Fish.
Tom Turner, vice president of marketing and sales at Q1 Labs, says it’s comfortable partnering with a managed service provider such as FishNet, viewing the relationship “as potentially offering us a broader market.”
SecureWorks is regarded by Gartner as a “pure play” SIM managed service provider, as opposed to a global service provider that offers SIM among a wider menu of services. The security firm is a veteran in the business, having started about a decade ago.
http://www.csoonline.com/article/print/521466