Although the business of selling security information management (SIM) systems will be booming over the next two years, value-added resellers (VARs) hoping to jump on the trend by adding or expanding their security practices should make

sure they have the expertise and the resources needed to deploy them before moving.

A new Forrester Research Inc. report, "Security Information Management Market Forecast, 2007 to 2011," estimates that the market is growing at a rate of about 50% per year, will accelerate through the end of 2009 and level off at nearly $1.2 billion by 2011. VARs already in the market say selling security information management systems is profitable work, but also some of their most intensive.

More on security information management systems Log management push has its roots in compliance Security information management finally arrives How security information and event management can augment enterprise network management

"I would caution people not to jump into it too quickly, because it is pretty complex," said Al Maslowski-Yerges, project and security manager for Novacoast Inc., a Santa Barbara, Calif.-based VAR. "It's not just something where you click 'next,' 'next,' 'next,' and then pick up your check."

Jonathan Dambrot, managing director for Prevalent Networks in Warren, N.J., agreed, saying that "mom and pop" VARs should be hesitant about getting into the market for security information management systems.

"I'm not sure that SIM is an easy sell," he said. "It takes a lot to support."

Security information management technology aims to detect malicious activity and other threats by collecting and analyzing data on security events and other network activity. Most security information management systems easily integrate with other popular security products, but, according to Dambrot, "There are some configurations that require more time and effort." Integrating them with industry-specific applications is a particular challenge, he said.

VARs also do a lot of work integrating log sources from clients' databases, other security products, routers and switches, Maslowski-Yerges said. Some customers want to use security information management technology to create entire IT management consoles.

"Almost everything in the environment creates some kind of log that can be useful to put into a SIM," Maslowski-Yerges said.

"It's pretty intensive, but the benefits to be gained are pretty substantial as well," he added. "If you do know what you're doing, and you have the breadth to do it well, it adds a lot of value to the client."

Most companies that want to purchase security information management systems are in finance, retail, healthcare and other heavily regulated industries, according to Paul Stamp, the Forrester principal analyst who wrote the report. Some regulations, including the Payment Card Industry Data Security Standard (PCI/DSS), require companies to store and manage their IT logs.

"[Market growth] is certainly driven by compliance," Stamp said.

Security information management systems also offer increased security, but most users see that as an added benefit rather than a reason to buy them. There are only two reasons why companies will spend money to directly improve security: "One is, you get hacked. Two is, somebody tells you to," Stamp said.

Both Novacoast and Prevalent sell Symantec Security Information Manager as well as security information management systems from other vendors. Most products are able to read a wide variety of data, but "how well they analyze that information varies," Stamp said.

Some major IT vendors have acquired security information management vendors recently, and Stamp expects more major security vendors to start making similar plays. More acquisitions will help the security information management market level off at the end of 2009, because vendors will start integrating the technology into wider IT and security platforms, he said.

"The technology's going to evolve," he said.