Symantec SIM brings friends
Symantec's SIM comes with an active network to help it analyze your events
I found my only real disappointment with the SSIM to be the trouble-ticket feature. Although the SSIM issues trouble tickets and allows some rudimentary manual ticket tracking, it's not a real trouble-ticket system. For example, the system will generate an initial ticket and allow you to manually close the ticket, but there's no way to track the progress of a ticket, assign fine-grained assets to the ticket, or measure the effectiveness of the given assets in resolving issues. In short, the SSIM will spit out a trouble ticket, but that pretty much ends the system's involvement in resolution management. That might be OK if Symantec provided hooks into existing trouble-ticket systems, but it doesn't. I'm all right with the SSIM not being a trouble-ticket system on top of the other benefits it provides. Further, given a choice between not offering a trouble-ticketing system at all and offering a very rudimentary one as part of an otherwise complex product, the former makes sense. Still, I strongly recommend that Symantec spend some time on this shortcoming before the next major release.
Who needs a SSIM?
All told, Symantec SIM should be a fine fit in many enterprises, especially those that haven't rolled their own set of reports and functions within an enterprise network management framework. The greatest benefit, though, would be to companies from the middle to the top of the SMB market, where there would likely be a reasonable number of network components but where the Global Information Network would still provide a real benefit in terms of additional correlation information. These "Big SMB" organizations will also likely have a competent security professional, but one who might well appreciate a bit of additional intelligence when it comes to figuring out what's happening across the network.
The Symantec Security Information Manager 9650 is a solid piece of network security infrastructure that's in the prime of its product life: old enough for serious development to have taken place, but not past its peak. It's at the perfect point for serious consideration if you're looking for a quality SIM.