BAM vs BI, Real-time vs Historical Analysis
BAM, or Business Activity Monitoring, is an emerging technology (can you call it emerging if it’s already 2-3 years old?) defines the capability of monitoring and reporting, in real-time, all business events. For example, deploying a BAM solution can help a bank monitor, in real-time, the transactions that are going through the system and reporting on any anomalies.
BI, or Business Intelligence, on the other hand, mainly focuses on the historical analysis of data and reporting findings for a much longer period of time.
On the technology timeline, BI came way before BAM.
In the SIM world, however, real-time solutions came first. In fact, real-time event filtering and correlation was the major reason the SIM space is created. IT groups were overwhelmed by the amount of security events, including IDS alerts, that came in. The first SIM vendors created solutions to help reduce the alerts administrators have to look at.
Next came the historical analysis. However, due to the sheer volume of data generated by the infrastructure, SIM vendors were having a difficult time handling the retention of the data for a long period of time. Without the data being available, it’s difficult to perform historical analysis. New SIM players started appearing that provided solutions specifically to handle large volumes for long term retention.
Just like BAM having a tactical focus and BI having a strategic focus, the same can be said for the SIM space. Real-time SIM solutions are more focused on the tactical issues as these solutions tell IT what’s happening right now, and IT reacts based on the limited information in hand. Historical log analysis can have more of a strategic focus. IT groups can run complex analytical algorithms over a long period of time. There’s more time for IT groups to gather information, investigate the root cause, then take action.
As we can see, there are some obvious correlation between BI and SIM. In fact, so similar that some of the BI vendors such as SAS are getting into the log analysis business.
Can the SIM vendors learn some lessons from the BI world? My bet is that many of the BI functionalities and solutions can be translated into the SIM world. We will just have to wait and see.