Overhauls its SIM/SEM solution in an attempt to tap into enterprises' compliance requirements

James Rogers, Contributor

May 8, 2007


EMC has stepped up its efforts around security event management (SEM), attempting to pull security data from a slew of different hardware and software offerings. (See RSA, EMC Integrate.)

The market for security event management (SEM), or security information management (SIM), as it is also known, is growing, thanks to the recent explosion in compliance regulations, both in the U.S. and overseas. (See Vendors Strike SIM Note and Germany Goes Data Crazy.)

Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA) were just the first in a series of regulations forcing CIOs to come to grips with a bewildering array of audit logs and security reports. (See Users Splash Cash on SOX, Research Finds HIPAA Ineffective, In Other Words, Lying, EU Compliance Looms for Stateside IT, and Top Tips for Compliance.)

In an attempt to tap into this trend, EMC has overhauled its enVision product, which became part of the vendor's RSA division after the storage giant bought Network Intelligence last year. (See EMC Pockets Network Intelligence, EMC Acquires RSA, and EnVision Proven Functional.)

In a nutshell, enVision consists of monitoring software running on a Windows server, which trawls through logs and reports sent from different parts of the data center.

Pulling log data from switches, routers, firewalls, and databases may seem a fairly mundane activity, but it's also a critical one, according to EMC. "What you're dealing with is hundreds of thousands of events per second," says John Worrall, vice president of information and event management in EMC's RSA division. "It's important to be able to sift through them very quickly and identify which ones relate to a problem that you have to deal with now."

Yesterday the vendor took the wraps off enVision version 3.5, which extends support for both EMC storage devices and hardware from third-party vendors. EMC has also enhanced the solution with features such as Triage, which allows users to quickly draw data from reports as they come in, and the creation of watchlists to check for specific security threats, such as denial-of-service (DoS) attacks.

At least one early adopter tells Byte and Switch that enVision has made his life much easier. "There's about 250 devices that we monitor -- it would be real tough to monitor them individually," says Chris Norris, senior IT security engineer at the American Modern Insurance Group (AMIG) in Cincinnati.

The exec explains that prior to deploying enVision, his firm was drowning in a sea of logs and reports. "The biggest benefit is the ability to deal with data that was previously impossible to deal with," he says, explaining that AMIG's firewalls alone generate between 500 and 700 events or reports per second. "That deluge of data was previously very difficult to manage and now it's not."

Despite these benefits, Norris admits that there are some areas where he would like to see enVision improved. "There is always expanding the list of supported devices. I would like to see more support for different anti-virus packages," from established vendors such as Symantec, McAfee, and Trend Micro, he says. (See Symantec Signals More M&A, McAfee Launches Appliances, and Trend Micro Serves up Protection.)

Last year, a report from Dark Reading revealed that almost a third of firms have already deployed some sort of security management product, although it warned that vendors have been slow to develop links to other management systems. (See Enterprises Adopt SIM Tools.)

EMC is not the only vendor playing in this space. It faces stiff competition from IBM with its Tivoli Security Compliance offering, as well as from netForensics' nFX security platform, which is resold by HP. (See netForensics Manages Security Info and netForensics, HP Partner.)

Other vendors in this corner of the market include ArcSight, which recently announced a partnership with Oracle, and Cisco. (See Oracle Gains Partners and Execs Concerned About Data Loss.)

EMC's Worrall was unable to cite a standard list price for enVision when Byte and Switch contacted him, explaining that this depends very much on the application and the number of devices supported. "At the smaller end there are customers spending $30,000, [and at the high end] there are customers spending millions," he says.

— James Rogers, Senior Editor Byte and Switch
