Guest post: Brian Singer, security solutions marketing manager, Novell
If one thing is certain, it's that the Security Information and Event Management (SIEM) market has come of age. SIEM is a critical element of nearly every organization's security operations. HP has recognized that SIEM is a key enabling technology for companies that want to make a smooth transition to cloud computing. Security in the cloud is obviously a key challenge for enterprises.
Another consideration is that SIEM and Identity & Access Management (IAM) integration are crucial in a world where insiders are quickly becoming the primary threat vector. Even ArcSight has been touting the importance of integrating these two security technologies. HP divested their identity business to Novell, so it will be interesting to see whether HP slots ArcSight into a more network-centric defense role rather than the application and threat-centric view that the market is moving toward. Without taking an identity-centric view of security, it's impossible to answer the three key questions that security should be able to answer - “What happened? Who did it? Should I care?”
It's also no secret that ArcSight requires a significant services engagement to deploy the product. This fits well with HP's services strategy. What doesn't seem to fit in this picture is the channel that ArcSight has built. HP is not a partner-led organization, and will probably feed services-related business into their own services organization.
Security is now front and center in IT organizations. HP has acknowledged risk management is central to everything that an organization does. The SIEM market has entered a new phase of maturity. Novell welcomes the challenge and looks forward to the next stage of security management – threat-centric security, user-activity monitoring.