Symantec Adds Reporting Teeth To SIEM

Symantec Security Information Manager 4.5 (SSIM) collects data from various parts of IT infrastructure, including network security devices, access and login information, and business applications, and presents it in a report-friendly format, said Sandeep Kumar, senior director of product management for Symantec's compliance and security management business unit.

Once the information gathering is complete, SSIM 4.5 gives users options for how long to store event data, which helps for forensics and compliance reporting, according to Kumar.

In previous versions of SSIM, events were stored in a database, but SSIM stores data in files, allowing for greater compression and greater control of events, as well as more efficient use of disc space and higher performance reporting and archiving, added Kumar.

SSIM 4.5 also includes a Web services API for simple integration with third party ticketing and event management systems, and a slew of new storage options, including DAS, SAN, NAS, and NetBackup certification, Kumar said.

Symantec provides a flexible pricing model based on the number of event sources being monitored. An SSIM 4.5 appliance with monitoring for 3-5 firewalls is priced at around $50,000, which includes first year's maintenance.

Cupertino, Calif.-based Symantec on Tuesday also scaled back its quarterly earnings estimate due to weakness in its data center business, which it gained in the 2004 acquisition of Veritas.

Symantec now anticipates earnings of between 10 cents to 11 cents a share for the third quarter ended Dec. 29, down from earlier estimates of 14 cents to 15 cents a share.