Now that firms generally have adopted a variety of security devices, such as firewalls, intrusion detection and application servers, they are challenged with making sense of all the data that these devices generate about the security and performance of their infrastructure. According to Forrester Research, Inc. (Nasdaq: FORR), security event management (SEM) solutions can help identify the relevant data and launch remedial actions. Since each SEM vendor takes a slightly different approach and architecture, Forrester applied its TechRankings™ evaluation process to the top six SEM vendors to help clients find the right solution.

Forrester’s SEM TechRankings evaluated the following global market leaders:

  • ArcSight’s ArcSight 2.5
  • Consul’s InSight Security Manager 5.0
  • GuardedNet’s neuSECURE 2.0
  • netForensics’ netForensics v3.1.1
  • Network Intelligence’s engine running enVision version 2.003
  • Symantec Incident Manager 3.0

Other vendors invited to participate in this study included e-Security, CA, and Intellitactics.

Overall, Forrester found that no single product had all the desirable features for gathering security events from across operating systems, applications, security functions, and the network. While there may be one or two complementary products that may meet prospective users’ highest priorities, they need to ask themselves the following questions:

  • How important are the regulatory compliance reports to my company?
  • How easy and powerful do I need the trouble support systems to be?
  • When will I want to install the software on servers and firewall devices, and when will I want all of the data sent to me?

“Security event management vendors believe they are solving a big problem, when they are a small part of a much bigger problem,” said Steve Hunt, vice president, Forrester Research. “Any customer who buys one of these products will still have many more investments in vulnerability and patch management or intrusion prevention systems before the problem is fixed.”

The SEM TechRankings — an objective, scenario-based product testing and evaluation process — assessed the following criteria:

  • Architecture and integration. How well is the platform built for integration with your existing infrastructure? How is the product put together, and how is it deployed?
  • Reliability and scalability. How does the product handle changing performance loads? What capabilities does the platform have for ensuring that applications remain available, process transactions successfully, and respond to system problems?
  • Configuration and flexibility. How extensive is the product’s ability to aggregate, normalize, correlate, present, archive, and query data?
  • Administration and reporting. How easy, intuitive, and functional is the administration console? How complete are the reporting capabilities?

The TechRankings research mentioned in this press release is available to Forrester WholeView™ clients and can be found through