The security event management space is one that has made no one super-rich, especially the investors. But today’s announcement that Novell is paying $72 million for e-Security is probably a great relief for the backers of the first (1999) security event management (SEM) company. It looks to me like e-Security had taken in $40 million in investment over the years. The founders of e-Security were the first to recognize that security people were drowning in a flood of alerts from their IDS systems. They launched a product that collected and collated all of those alerts into one console view. By my count there were 16 vendors in this space. All of them had great software that really did the job.
I have always had a problem with this space because I felt it addressed a symptom of IDS, not a security issue. The problem was that companies, for lack of anything better to do, had deployed intrusion detection sensors everywhere which were spewing alerts. You could either tune these IDS sensors until they were quiet, you could outsource the monitoring to a managed security service provider, or you could invest in more infrastructure to gather all of the alerts in one place such as these 16 vendors did.
What has saved the SEM space is compliance. That is one area that collecting useless information and archiving it forever is needed. HIPPA, GLB, SOX, are all arguments used by these vendors to justify their products. Maybe they have something.
Back to today’s announcement. Novell is a schizophrenic company. On the one hand they are strong in identity management and directories; on the other hand they own SUSE Linux. I guess the purchase of e-Security is to beef up their security offerings. It does not quiet make as much sense as Micromuse buying one of the other pioneers in the SEM space, GuardedNet last July. At least Micromuse was already in the network event management space.
I would rather see Novell continue its push around Linux than dabbling in security event management and compliance.