Not so long ago, some clever folks realized that there was a significant market opportunity in the collection, correlation and analysis of network events, especially as it related to security appliances and the valuable information they provided. And thus a group of companies sprang up around a category of products that addressed the pain point of making sense of the vast ocean of information being cranked out by these various network elements. Broadly, these systems did their magic under the monikers of Security Information Management (SIM) and Security Information and Event Management (SIEM), terms that were used somewhat interchangeably.
With an increasing dependence on and ubiquity of wireless, along with the recent flood of BYOD and SaaS initiatives changing the dynamic in corporate enterprise networks, the ability to have true application visibility has come to the fore. SIM/SIEM solutions have always depended on the collection of data in order to maintain relevance. With sophisticated solutions running the gamut from security management to compliance and fraud protection, traditional data sources, such as logs and probes, may not suffice. In these cases, no longer is basic information about events, traffic flows and device connections sufficient to support the portfolio of advanced solutions the vendors are bringing to market.
Fortunately for these same vendors, there is a new sheriff in town. With the advent of comprehensive and competent offers from DPI experts for the embedded marketplace, SIM/SIEM vendors now have a path to providing this important functionality without investing extensively in the arcane art of building DPI in-house. Products designed and packaged specifically for the OEM marketplace, and for inclusion in nearly any system, can save $2-3 million and well over three years of native product development.
Most importantly, a subscription service for DPI and relevant device and application signatures ensures that the latest in detection techniques are exercised without diverting in-house engineering resources from core activities and competencies. Since DPI is a supporting technology that would enhance most, if not all, targeted solution areas, the return on investment is quite compelling. End customers now have an expectation that systems designed and operated “to know it all” in fact live up to their billing. The addition of application visibility and device recognition to such systems is a critical success factor.
The continued health and wealth of this important category depends on a breakneck pace of innovation, as it always has. Certainly, company engineers need to and will continue to focus on the key ingredients for SIM/SIEM systems. Other ingredients most certainly will be purchased from those experts providing that technology. Thus, the future and prospects for growth will remain strong.
See the full article in the May edition of Cyber Defense Magazine here.