Zen 2.0

Ok, so by now everyone has probably seen this. The code for the front page of Facebook was exposed due to a server misconfiguration.

Both TechCrunch and Mashable have blogs about it so no need for me to say much.

Earlier we mentioned that EMC is buying Network Intelligence, well, there’s a bunch of analyst/editor comments out now.

EMC and Network Intelligence: What it Means.

In the last few months, Novell bought e-Security and IBM got GuardedNet through its acquisition of Micromuse. Cisco grabbed Protego about and year ago and rumor has it that Oracle is about to buy either NetForensics or Intellitactics. It’s likely that HP, McAfee, and BMC are looking at other leaders like LogLogics as well as network behavior specialists like Mazu and Q1.

Building The New EMC, One Acquisition At A Time

Interesting comments from Dennis Hoffman, vice president of information security at EMC

Network Intelligence plays in three areas of the security industry, he said. The first is log management, a space where the leader is another company, LogLogic, San Jose, Calif., Hoffman said.

The second is event management, or the real-time processing of data for security purposes. “ArcSight is the leader,” Hoffman said. “There are lots of others in this space, too. Names you’ve never heard of.”

The third is security information management, which includes the reporting and forensic analysis of where security problems occur. Network Intelligence is the leader here, Hoffman said.

On a side note, here’s an article about ArcSight.

Ray Lane buys dinner - Who buys ArcSight?

One of ArcSight’s board members told me the company is hitting close to the $75m revenue number, that’s getting close to the magic $80m to $100m level that could initiate an IPO–except that the IPO market is in the doldrums.

Rumor has it that EMC is buying the SIEM vendor Network Intelligence for between $150 to $175 million. NI’s revenue is said to be around $20 to $25 mil. That’s 7x revenue, which is not bad at all.

[Update: Announcement was made today on the NI acquisition by EMC. Interesting how the NI story is hidden inside a much bigger story. Does that indicate what's to come? That NI is going to just be a small piece of the EMC security story? The PR doesn't even mention the price. However, Reuters' piece mentions the $175m figure.]

Greg Shipley has done a review for GuardedNet’s neuSecure product.

Security information management offerings are in mid evolution. One such work in progress, GuardedNet’s neuSecure, is a SIM platform worth watching. I tested an early beta of neuSecure 3.0 and found that, though it’s rough around the edges, it’s a clear step up from version 2.0.

What’s your experience with neuSecure?

So I got a question for everyone. Why hasn’t the SIM or log analysis market consolidated?

The SIM market is about 5 years old now. There are many players in this field, both pure SIM players and players expanding into the SIM space.

Some of the pure players include

• ArcSight
• netForensics
• Open Service
• e-Security
• GuardedNet
• Network Intelligence
• TriGeo
• Protego
• LogLogic
• Consul Risk Management
• High Tower Software
• SenSage

Other non-pure players that are either getting into or already in the SIM space include

• Aelita (acquired by Quest Software)
• Symantec (acquired Riptech, Mountain Wave and Recourse)
• MicroMuse
• Computer Associates eTrust

I was expecting the wave of buyouts to begin when Symantec acquired the 3 companies, but nothing has happened.

I can think of a couple reasons

1. SIM vendors haven’t proved their value. There’s a lot of good technologies out there, but most of them are very high priced. I think the SIM vendors have a tough time justifying the ROI.
2. Most SIM vendors have gotten several rounds of funding now, probably anywhere from $15 to $60 million. Most companies don’t want to spend a whole lot of money buying these vendors. Symantec bought Mountain Wave for $20 million, Riptech for $145 million and Recourse for $135. Both Riptech and Recourse brought more than just log analysis products.

What do you think? I would love to hear your thoughts on this issue.

Forrester Research recently came out with a series of Scorecard Summaries on SIM products.

The products reviewed are:

- ArcSight 2.5
- Symantec Incident Manager 3.0
- Consul’s InSight Security Manager 5.0
- Network Intelligence’s Engine Running enVision v.2.003
- GuardedNet’s neuSECURE 2.0
- netForensics 3.1.1

Forrester evaluated the products based on six different attributes:

- Architecture and Integration
- Reliability and Scalability
- Configuration and Flexibility
- Administrator and Reporting
- Market Presence
- Cost

These criteria are very similar to what we have talked about previously for the BI product evaluation.

Unfortunately, unless you have paid Forrester a ton of cash, you will not be reading them. But these are useful if you are considering a log solution and your marketing department happens to have paid Forrester.

By the way, Forrester has a RSS feed for all of their research summaries if you are interested. I think it’s a great way to get updated about their latest research.