Enterprise security has become one of the biggest headaches for busy systems administrators. Add to that the requirements of regulatory compliance and administrators can quickly find themselves overwhelmed. Expressed as a formula, the situation translates to security + compliance = complexity, an equation that was solved only by a combination of time and money.
Symantec is looking to solve those problems with its latest release of Security Information Manager (SIM), an appliance that delivers the big picture of security management to the harried administrator. While the product has been around for some time, the recently released version 4.5 offers extensive enhancements that make it worth considering for today's compliance-driven enterprises.
Some customers may experience sticker shock over the $50,000 starting price, but in reality, the device may deliver cost savings in the first year by enabling customers to reduce IT management staff. What's more, when one considers the fines assessed for compliance violations that the appliance can prevent, the device could pay for itself quickly.
Although SIM 4.5 is billed as a security appliance, the unit's real power comes from management and reporting. Simply put, SIM 4.5 is all about providing administrators with knowledge that helps them manage network security, remediation and compliance.
The device makes use of event collectors, which are deployed throughout the network to gather and analyze security data. Symantec provides more than 100 collectors for monitoring and analyzing a variety of hardware and software security products, including those from competitors, such as firewalls, vulnerability scanners, antivirus and other security solutions.
That data collection process feeds a security dashboard that offers a bird's-eye view of network security in real time. All of the gathered data is stored in highly compressed logs and can be analyzed and reported on later.
SIM 4.5 is currently available only as an appliance, but with Symantec's desire to get out of the hardware business, the company has shifted over to industry-standard hardware to simplify maintenance and support. From the outside, the device looks like a typical rackmount server, basically because that's all it is. Opening up the device reveals no proprietary pieces of hardware, making the unit that much easier to service. In reality, the hardware is provided by Dell to Symantec for resale. Although the unit is well-built, Symantec would have been better served by selecting a more channel-friendly hardware partner than Dell.
CRN Test Center Engineers found that initial installation of the unit is straightforward but can involve a great number of steps. The complexity of installation is driven by the number of devices monitored on the network. Although the actual installation process proves to be quite simple, VARs should budget ample time for the integration of third-party security products. Once installed, the unit needs to gather data from various sources on the network before it can provide any truly useful information. Luckily, that process occurs rather quickly.