Working-Class SIM

After years of targeting the largest enterprises, netForensics goes where no security information management vendor has gone before: the mid-sized business

Security information management (SIM) tool vendors have a wide variety of views on what SIM products should do and how they should work. But until now, they've all agreed on one thing: the largest enterprises are the best target.

Next week, however, one of those vendors, netForensics, will break away from the pack with a new suite of SIM, data leak prevention, and log management tools that has been revamped for use by medium-sized businesses.

On November 26, the longtime SIM vendor will unveil nFX, a suite of three new products that attempts to dispel SIM's image as a complex technology that can only be deployed by enterprises with deep pockets.

"Medium-sized businesses come under attack just as often as large busineses, if not more so," says Tracy Hulver, vice president of marketing at netForensics. "Medium-sized businesses have just as much need to achieve regulatory compliance as well. But in most cases, medium-sized businesses don't have the resources and skills to implement the kind of tools that are out there now."

The nFX suite includes SIM/One, a revamped version of netForensics's Open Security Platform that has been completely rewritten for use by network administrators and other IT staffers who have fewer security skills. "Instead of taking eight or nine clicks to get to where a user like that needs to go, it now takes one or two," Hulver says. "And instead of just monitoring your vulnerabilities, it suggests steps on what to do about them."

The nFX suite also includes new releases of netForensics Data/One, a data leak prevention tool; and Log/One, a log aggregation and analysis tool.

The SIM market has been largely stuck in a logjam for the past year or so, plagued by a wide diversity of vendors who all claim their products to be the best solution and a general sense of confusion among enterprise users who are unsure of how to select or use the tools. The entry of several large vendors, including EMC, Microsoft, Symantec, and McAfee, has further muddied the waters. (See A Multitude of SIMs.)

"The entry of those larger vendors has created some havoc for us," says Hulver, whose privately held company was one of the first into the SIM market but is dwarfed by the sheer size of its newest competitors. "If a big company like EMC decides to throw SIM capability into a big contract for next to nothing, then we get potential clients saying, 'Why should I buy you?' -- even when we are offering a whole different set of capabilities."

But while competition at the high end of the market has become fierce, enterprises in the mid-market are still largely unserved, Hulver observes. Medium-sized companies need tools that help them track the overall security of their environments, and they also need the means to prove that security to compliance auditors and regulators, he notes.

"Compliance is still the driver behind SIM," Hulver says. "Companies might use it to build out their security capabilities, but the budget to buy the tools is still coming from the compliance side."

The combination of SIM, data leak prevention, and log aggregation makes nFX an attractive package for companies that need to prove that they have established adequate security measures internally, externally, and on a legal level, Hulver observes. "That's not to say that a customer can't buy just one piece of it," he says. "We have customers that just need DLP, or just need log management, and they can buy those pieces without SIM if they want."

Is netForensics giving up on the large enterprise market? "Absolutely not," says Hulver. "But with nFX, we should be able to compete in both markets."

The nFX tools can be purchased individually as appliances or software at prices starting as low at $7,000, Hulver says. A typical implementation of Log/One will cost around $25,000, while a typical implementation of Data/One will be around $60,000. SIM/One will start at around $45,000 and an average implementation will be around $150,000 -- not exactly a song, but significantly less expensive than previous SIM implementations, which could cost more than $500,000.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • EMC Corp. (NYSE: EMC)
  • McAfee Inc. (NYSE: MFE)
  • Microsoft Corp. (Nasdaq: MSFT)
  • netForensics Inc.
  • Symantec Corp. (Nasdaq: SYMC)