Apparently nothing fires me up like Mike Rothman eulogizing SIM. Again.
"SIMs not dead, eh? - Then why is almost every SIM vendor announcing a dedicated log management appliance?"
Perhaps because Oracle or SQL tables are a lousy (and expensive) place to store your logs for years and years. Or perhaps because you don't want to shell out $10K/seat for a full featured console so your sysadmins can search your logs once a week while on a troubleshooting mission. Or, perhaps most likely of all, because infosec customers love appliances.
"How many more data points do we need about the evolving SIM space before we can finally start shoveling dirt on it?"
Let's not forget to also bury heuristic AV, behavioral IPS, deep packet inspection firewalls, and every other infosec product 'next' that has come to pass over the last decade. They all suck and nobody buys them.
Anyway, Mike's point is that since SIM vendors copy each other and are trying to sell log appliances because they discovered that agents don't scale as aggregation points, that SIM is over. Clearly.
No comments:
Post a Comment