OK, so many folks have been asking me about our security strategy. I have discussed RSA in detail but some folks are still puzzled with the Network Intelligence acquisition. There are lots of good reasons but let me explain my rationale of why I consider this very strategic for EMC.
Network Intelligence for us is about 2 words: Metadata, and Compliance.
We all are familiar with data right? It’s that stuff in the file or the database – the stuff we actually use. Metadata is everything else. It is all of the data that is captured in logs and around files to help us manage, and protect the data itself. We use Metadata in Content Management to help provide services like versioning, workflow, and indexing. We use it to protect and secure data. Metadata is everywhere. In fact, I believe that there will ultimately be more Metadata then data itself!
Network Intelligence is the leader in its ability to capture log metadata in a coherent way so that we can do some really cool things. As you would expect, computers, systems, and applications log lots of things. Problem is that these logs are everywhere and there is simply no way to leverage this data (into information) uless you capture it into a repository.
The most important use case is Compliance. By capturing the metadata in an effective way we can actually go back and look at events that occurred in a system or application to understand if there are/were any problems. Data is not like money. When someone steals from a bank, it is usually easy to tell – the money is gone – duh. Data is different, what you need to be able to do here is to track the actions (especially of privileged logs) to insure that nothing is amiss.
Since this data is gathered and “organized” it can be used not only for Compliance (prove that nothing bad happened) but also for Forensics (something did happen – let’s look and see “how”). In general – this is the SIM market, and it ties directly in with both our information management and security strategies.
With all of this data coming in, there is an additional customer benefit we can provide; that is “Security Event Management” or SEM. Once a customer finds an issue, they can easily build a policy to check for the “event” and trigger a notification or other action.
Together this is now called the SEIM market. It is a key goal for EMC to help our customers manage their Metadata as well as their data and we believe that this is the best technology in the market to do just that.
If you want to read more – here is a link http://www.network-intelligence.com/solutions/loginaccess/whitepapers.asp