February 22, 2010, 1:28 PM — Managed security services have been growing in popularity over the past several years, and the latest task enterprises are looking to offload to an outside provider is security information management.
SIM equipment can centralize event and log management information from security devices and computers, but the drawbacks to its use include up-front costs, complex installations and hiring the expertise to manage it. Increasingly, another way to get the benefits of SIM is through a managed service, a trend that Gartner says is really starting to roll.
SIM as a managed service only started to gain momentum within the past two years, largely due to compliance mandates such as the Payment Card Industry (PCI) data security requirements, says Gartner analyst Kelly Kavanagh. (SIM is sometimes referred to as security information and event management, or SIEM.)
Managed SIM options range from as simple as centralizing log collection and reporting, to as complex as event correlation and round-the-clock security-event monitoring. Though Gartner is only now starting to build an estimate of market size -- it's probably less than $100 million today -- players that offer SIM as a managed service are said to include SecureWorks, Tata, IBM, AT&T, BT, Verizon Business, Symantec and Trustwave, among others.
With SIM as a managed service, "they're really talking about managing the log infrastructure for the company, taking the logs for a compliance regimen," Kavanagh says. Occasionally SIM as a managed service will entail "complex correlation, perhaps related to network alerts from firewalls and switches, information that may seem to be related," he notes, and a service might provide an analyst to monitor events round the clock.
Businesses that bet on managed SIM services say they are finding it can be a cost-effective way to quickly get the benefits of SIM without the up-front cost of equipment.
"We looked at doing it in-house, but for us, it didn't make sense," says Cameron Pumphrey, director of IT at restaurant chain Fuddruckers. The company directly manages IT for more than 100 of its corporate restaurants and keeps track of PCI-related compliance matters for about 160 franchises, which operate more independently.