Ken Levine, CEO, Nitro Security
Yesterday's acquisition of log management and database monitoring vendor RippleTech Inc. by security incident and event management (SIEM) and intrusion prevention system (IPS) company NitroSecurity, appears to be a natural fit to answer the perennial questions about converging compliance, security and network operations.
- What's going on with my network, databases and applications?
- What inadvertent or malicious mischief are my users up to?
- Who's trying to do me harm?
When considered together, SIEM, database monitoring, and log management products go a long way in addressing these questions, but they have developed largely as disparate tools. Thankfully, corporations and their vendors are connecting the dots. In particular, log management products are becoming enormously popular, their sales driven largely by the Payment Card Industry Data Security Standard (PCI DSS). The database auditing and monitoring market has experienced healthy growth, which was also spurred by regulatory compliance.
SIEM solutions have focused primarily on security intelligence, and their market appeal has grown with the mounting demands of regulatory requirements, but they tend to be pricey and appeal mostly
With the acquisition of RippleTech's LogCaster (now NitroView LogCaster), Informant (now NitroGuard Database Monitor), and Enterprise Security Manager, NitroSecurity plans to offer an integrated suite based on its NitroView platform. The company plans to continue to offer each product separately.
Log management is a hot topic, as pure-play product and managed service vendors prosper, and SIEM companies add log management capabilities or, increasingly, separate products through development, partnerships or, as in this case, acquisitions.
"Log management was the primary reason we started talking," said NitroSecurity CEO Ken Levine. "In the course of completing the transaction, we became a lot more enamored with their database activity monitor too. It became 50-50, but it absolutely was 101% about logs. Our guys were walking away from log management deals all the time."
Levine said customers are often looking and budgeting for log management for compliance first, and SIEM, perhaps, second. So the ability to offer both as an integrated solution made sense.
NitroSecurity plans the integration in two phases. The first phase, in the short term, is to get the products to communicate, and the second phase is to get the products to pull reports into NitroView. Full integration is expected in about six months.
That integration isn't trivial. At their foundation, log management and SIEM tools have to share common engine capabilities, so they are using compatible collection, aggregation and normalization techniques. NitroSecurity will integrate LogCaster into its proprietary database to help accomplish the transition.
The combined offerings put NitroSecurity to compete more effectively with SIEM vendors like ArcSight, NetForensics, Intellitactics, OpenService and Cisco. NitroSecurity will also compete with log management companies such as SenSage, LogLogic and LogRhythm, and database monitoring firms such as Guardium, Imperva, Lumigent, Tizor Systems, Sentrigo and Symantec.