"We see ourselves as a managed alternative to what customers might want to do themselves with ArcSight or Q1 Labs," says Dan Schleifer, senior product manager for managed security services at Trustwave, referring to two well-known SIM product vendors.
But Trustwave has essentially written its own SIM code, offering three basic tiers of service: a hosted SIM with automated alerting and processing; a daily analysis of what happened that day, with written reports; and real-time analysis of events, with "eyes on the screen."
Schleifer says for two years, SIM-as-a-service was merely a small "pocket area" for Trustwave, but is now "its fastest-growing managed service." One main driver is certainly rule No.10 in the PCI Data Security Standard, which requires not only log collection but also "a minimum once a day, you review those logs," he points out.
Some SIM managed service providers build their offerings based on SIM products from equipment vendors. That's the approach that service provider FishNet is taking, according to CEO Gary Fish.
"The service is built around the RSA EnVision and Q1 Labs," says Fish. The customer typically pays about $US220,000 per year, largely based on the numbers of events recorded per second, though there may be other fees, too.
SIM-as-a-service is still a very small part of what FishNet does, but half a dozen customers, including St. Louis-based Arch Coal, the second largest U.S. coal producer, have signed up for SIM as a managed service. Tom Turner, vice president of marketing and sales at Q1 Labs, says it's comfortable partnering with a managed service provider such as FishNet, viewing the relationship "as potentially offering us a broader market."
SecureWorks is regarded by Gartner as a "pure play" SIM managed service provider, as opposed to a global service provider that offers SIM among a wider menu of services. The security firm is a veteran in the business, having started about a decade ago.
Rick Talford, vice president of product management at the Atlanta-based security services provider, says its charges are based on per-device per-month fees, which vary from $US25 per server to a few hundred dollars for a large firewall. SecureWorks supplies a "listener" appliance for the customer premise to aggregate information and transmit it to the SecureWorks security operations center.
The customer can use a Web-based portal for reporting and periodic reviews, and some customers want real-time visibility into threats and events and full-blown monitoring. About 2,600 separate businesses use these SIM services. Roughly 60% are from the financial industry, with the remainder from healthcare, retail and government industries, according to SecureWorks.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.