Cybercrime Bolsters Case For SIEM Solutions
Data breaches continue to be a nagging problem in the corporate arena, especially for small and midsize businesses. The primary beneficiaries? Vendors of Security Information and Event Management (SIEM) products.
A survey by Panda Security revealed that 46% of U.S. SMBs have experienced at least one incident of cybercrime, and according to Verizon's 2010 Data Breach Investigations Report [PDF], almost 50% of all breaches in 2009 occurred within organizations with 101 to 10,000 employees. That same report indicates that 70% of those breaches resulted from external agents and that 71% occurred in one of the "Big Three" industries -- financial services, hospitality, or retail.
There are quite a few vendors "on the case," and Gartner, in its Magic Quadrant for SIEM [PDF], classifies what it considers the top-notch vendors as Leaders, Challengers, Niche Players, or Visionaries. The Leaders include ArcSight, Q1 Labs, and some of the usual suspects in the security milieu (RSA/EMC and Symantec). The Visionaries are a populous group, and Gartner assigns the moniker based on their high ranking in "completeness of vision" and their lower ranking in "ability to execute," which generally stems from a "smaller presence in the SIEM market than the Leaders."
One of those Visionaries, TriGeo Network Security, is focusing its energy on SMBs, and on building its partner ranks. A typical TriGeo customer has anywhere from 100 to 1,000 employees. "The main problems for companies of this size are staffing and budget," says Michael Maloof, CTO of TriGeo. "They often don't have the IT team or the money to pull together various levels of defense. Their front-line IT people are focusing on system availability -- on keeping technology up and running -- not security."
Maloof says the usual point of entry for data breaches is the desktop. Employees will visit a website and pick up some drive-by malware, or they'll download an infected PDF. USB devices, he says, are problematic, too, as the use of flash drives becomes more commonplace.
"Most malware is a command-and-control situation. The malware 'phones home' and can install additional software on the [breached] desktop," Maloof says. "But it doesn't happen the way it does in the movies, where the bad guy hits a few keystrokes and they're in. There's a lot of trial and error that takes place, and all these attempts to 'break in' are recorded in logs generated by the hardware -- by the desktops, servers, routers, switches, firewalls, and so forth."
According to Maloof, 86% of recent cybercrime victims had evidence of the breach in their log files, but the breach was discovered by log analysis in only 3% of the cases. "You can't just store the log files. You have to sift through them, and that's a very time-consuming process when it's done manually," he says. "Our appliance sits on the network 24x7 and monitors all the traffic. It automates the process of collecting and analyzing data, and it does this in real time so that breaches don't go unnoticed."
Maloof says compliance remains the main driver behind customers' SIEM deployments, but many SMBs are catching on to the idea of using these solutions for overall network security. TriGeo's top three verticals are financial services, healthcare, and retail.
As for its channel strategy, TriGeo aims to double its partner base in the next six months. Right now, 85% of the vendor's sales are still direct, but Michelle Dickman, president, says she's put together a team whose full-time focus is to recruit partners and ensure their success by providing sales and technical training and collaboration on joint marketing projects. "TriGeo's [offering] is particularly suited to the channel," Dickman says. "It's easy to deploy right out of the box, so there's a fast ROI, and it's targeted at a space -- the midmarket -- where most channel partners are active."
Networks Unlimited, a Hudson, Mass.-based solution provider that deploys security solutions for SMBs, is one of TriGeo's partners, and Harry Segal, president, says the vendor has been channel-friendly from the get-go. "When we signed up with TriGeo about 18 months ago, they were in the infancy stages of their partner program," he says. "We saw that as a plus, figuring they were small enough to be responsive and include us in their channel 'conversation.'" That's just what they did, Segal says, adding that his company and TriGeo have teamed up at several trade events. The next one is slated for this October.