Sidebar: User Demand Sparks Vendor Changes

Computerworld - The increasing use of security event and information management appliances for regulatory compliance reporting is prompting some vendors to tweak their product development and marketing strategies.
Last week, for instance, San Jose-based NetIQ Corp. announced compliance-oriented versions of its security event management products. Its Security Compliance Suite comes in two flavors and features a new log-management component and templates designed to help companies assess and report on their compliance with laws such as the Sarbanes-Oxley Act, HIPAA and the Gramm-Leach-Bliley Act.
In March, Network Intelligence upgraded its enVision security event management suite with a new compliance-reporting dashboard and functions for gathering log information from a wider set of sources, including IBM's older OS/390 mainframes and AS/400 systems and Web servers that run Microsoft Corp.'s Internet Information Services software.
Market forces are driving the changes, said Jim Melvin, vice president of marketing at Network Intelligence. The tools were once used purely for collecting information from firewalls and intrusion-detection systems to support IT security efforts, Melvin said. But over the past two quarters, demand from security users has been matched by interest from companies looking to use the products for compliance reporting, he said.
Pam Casale, vice president of product management at Intellitactics, said the company added features for automating log monitoring and reporting in April after it also started seeing increasing demand for such capabilities.
"It's changing the way we develop products," said Tom Foladare, senior director of business development at NetForensics. "Now we worry about asset groups and business processes and being able to take every server that is dealing with a SOX issue and put them into different groups."

Read more about legislation/regulation in Computerworld's Legislation/Regulation Knowledge Center.