What happened to the SIM market?
Results 1 to 8 of 8

Thread: What happened to the SIM market?

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884

    What happened to the SIM market?

    Is it me or did anyone else notice that the once hot SIM (Security Information Management) market is not so much as causing a ripple in the marketplace right now. About a year and a half ago, all people were talking about was how they were going to install SIMs to monitor and remediate network security events. I have several theories on why this market cooled off fast. I'm sure that folks quickly learned that SIMs devices actually require advanced skillsets to setup and tune properly and you still have to investigate and monitor events that may indeed turn out to be false positives. Does anyone else have thoughts on this?

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    One phrase... cost benefit related to risk?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I expect that you're referring to products like Symbiot and their iSim product. I wonder how much of it is fear of what the legal environment for these might create. Additionally, I think people are still dealing with what they know (e.g., firewall, IDS, wireless security or lack thereof, etc.) rather than what they don't know.

    Add to it budgets being limited even more each year and just wanting to stay above the water, deploying new security models may not be beneficial.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    I think a lot of people still cling to the belief that a human can always do certain tasks safer than a machine -- and rightly so IMO. To date I have yet to see an IPS that did the right thing when it found a false positive.

    It does take a lot of skill to set up any such systems -- just like IDSes. I think it will become more evident as time goes on that networks are a lot like plant or animal ecosystems (I remember reading an article about something along these lines recently), and with that comes the concept that a fluid environment can't easily be predicted, nor can it be easily replicated. Any two networks with the same given size, computers, and hardware throughout will still vary greatly in terms of usage, environment, etc... I would certainly think that hiring someone to initially configure such systems would increase the cost of deployment to beyond the point where it's worthwhile to have an automated network security analyst, especially when you can just hire one.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Yes, and others like Guardednet's NeuSecure console. We use this product to receive feeds from SAV, ISS and other IDS/IPS sensors. We monitor all of this data based on event threat calculations done by the SIM and the sensors then we are presented with what it feels are legitimate threats. Again, it takes time to tune the events because we're getting feeds from devices that are made by different vendors. As chsh points out, the enviroments while physically similar, are used very differently, thus, tuning is a pain in my ass. On average, we do a gig and a half of HTTP traffic each hour. Add in all the other traffic and events we monitor and you quickly see that we're spending a lot of time investigating issues. To the product's credit, it has been useful during virus outbreaks and such. We are able to quickly disable switches and routing gear at different locations in order to contain an outbreak.

    Anyway, I was curious if others noticed this cool down too.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    RoadClosed hit it right on...

    cost benefit related to risk

    Too many companies have been bitten by these 'products', or the vendors have been overwhelmed with the backend support of such an engagement.

    My current client keeps talking abou an SEM. Security Event Manager...a rose by any other name... But yes, they are all hot and bothered to get one of these up and running...and don't have the slightest clue of what it will *REALLY* take to engineer and deploy this vision they have. What they'll get, probably, is a broken lame retarded half-cousin of what they want. I'm not criticising them, I'm just stating fact based on my experience. "It costs HOW MUCH? You don't really need these three consultants, at that rate, for that long, do you? We can get by with an intern part time, I'm certain."

    I see it in my current projects. "Nonono, we contracted you to deliver THE WORLD...read the fine print...go ahead..."



    (Can you tell I'm having a crappy day at work?)
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    There are extemely limited markets with a risk high enough to benefit from costly systems. Costly in hardware, deployment, management, and upkeep. They aren't pushing them because they don't sell and you can segregate systems into smaller chunks based on specialty. In addition there is an added benefit of oversight by additional parties.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    When we reach the point that a computer can more accurately defend itself against a human attacker then a human can we have truly reached AI. Until then security will have to remain in the hands of a human. Yes, there are a lot of 'tools' that a human can use to help them in the task but when it comes down to it the human is still the best 'filter".... and that's why these tools don't work..... Yet.... I have faith that they will.... but that brings up other issues.... that may only be mitigated by a human..... Do I see a cycle beginning here?.... Yes....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •