Find that nugget of relevant data

Management tools can help you make sense of your logs to pick out real events from the crowd. By John Sterlicchi

Times are changing in the security information management (SIM) market as new vendors move into the crowded space and smaller customers buy in to the technology.

As Ronald van Geijn, director of product marketing at Symantec, sums it up, SIM is no longer the domain of the "usual suspects" that vendors rely upon to be the early adopters of any security technology that shows promise.

Those suspects are government, finance, banking and insurance organizations. Early adopters were mainly organizations with sophisticated security operations which saw the advantages of a technology that would correlate threat information that was being thrown up by the masses of other security devices on their networks.

Many industry insiders say SIM has its genesis in the adoption of intrusion detection systems (IDSs). Those systems threw up so many alerts that organizations rapidly realized that another technology was needed to make sense of the noise.

Decisions were then taken at various vendors to broaden SIM's scope and, very quickly, a new market niche was created. A forecast from the Yankee Group said the market for SIM products would grow from about $90 million last year to about $430 million by 2008. Other forecasts are being prepared for this rapidly growing segment.

Gartner also sees plenty of interest in SIM as it trawls the country to see which companies are buying what products.

"In 2003, people were distracted by all the worms. But towards the end of the year, and then this year, I have had a rash of calls," says Mark Nicolett, the research company's point man on the technology. "New products were coming online and there was another crop of companies that were looking at this type of technology."

Those new products included upgrades from a host of vendors that have offerings – suppliers such as IBM's Tivoli, MicroMuse and Computer Associates, security specialists such as Symantec, pure plays such as netForensics, ArcSight, Consul, GuardedNet, Network Intelligence, and sector pioneers eSecurity and Intellitactics.

Other companies are also making themselves heard in the SIM hubbub – such as TriGeo Network Security and HighTower Software – which have created SIM appliances to bring the technology to the world of small and mid-size businesses.

There is no doubt that one of the biggest trends in the industry is the fact that smaller businesses and organizations are now getting the chance to buy the technology. Not too long ago, SIM products required the buyer to be able to write a check for at least $200,000 and the customer needed a team of security analysts to implement and utilize the technology.

TriGeo's turnkey technology starts at $17,440. The company has amassed 60 customers over the past few years, primarily in healthcare and financial industries. Compliance with government regulations has given TriGeo "more or less a hunting license in those industries," says president and CEO Michelle Dickman.

TriGeo's Contego product is definitely not "SIM-lite," asserts Dickman, who says there are three key reasons the appliance is finding a lot of acceptance in the marketplace. The first reason, of course, is price.

The second reason is rapid deployment – the product can be delivered by courier to the customer, who needs around half an hour to install it. There is then a one-hour web-conferencing training session, and that is it.

The third reason for acceptance is ease of use: Contego can be understood by IT people who are not security specialists. "The key is that our technology is something that the customers can get their arms around. If, with our technology, customers had to add a full-time security person for three weeks, a month, two months, we would never make these sales," says Dickman.

High-end companies such as netForensics are also heading downmarket. "We are moving from the Fortune 100... going down the food chain to the Russell 2000 level – companies that have multiple locations with, say, a couple of hundred as opposed to thousands of security devices," says Patrick Guay, the company's vice-president of worldwide marketing.

With a starting price of around $60,000, netForensics is not going as far down the food chain as TriGeo, but Guay says SIM has caught the attention of those SMEs that do not want to add warm bodies every time they add new security devices to the network.

The company has 300 customers worldwide and is also seeing growth at the high-end, where the early adopters are building out their implementations.

"The early adopters are now looking to expand their infrastructure. Initially they may have purchased our solution to help in the data center or a particular area of the network... now they are coming back to us and expanding to more locations and more devices on the network. They have begun to recognize the value that our solution can deliver to them, so they are able to get increased budgets and funding levels to expand," claims Guay.

Copyright © SC Magazine, US edition