Open Standards: Not everyone gets it

By Bill Roth, CMO

In a recent article, our competitor LogRhythm commented on our technology plans which indicated either they don’t understand what we’re doing, or that they think what we’re trying to do will threaten the status quo - and their business.

LogRhythm’s VP of Marketing said the following:

“The idea of a standardized protocol for transporting and storing log data sounds good in theory, but it’s unrealistic given the hundreds of different types of log sources and vendors. A standard like this does more to benefit the vendor than it does the end customer, from both a technological and marketing standpoint," he added. "Standardization would make it easier for the log management or SIEM vendor, but the positive impact on the end customer is hard to see given the widespread collection and transportation capabilities that exist today."

We think the exact opposite.

The Security Information and Event Management (SIEM) industry needs more standardization not less. As markets mature, they all tend towards open standards. Open standards ensure that customers are free from being locked in to any one vendor, or any one proprietary technology. Additionally, standards provide a way for the consumers to provide input to the technology that they actually use. Standards also make sure there is a level playing field so no one vendor can dominate an industry. The open competition that standards encourage is good. They ensure that the consumers get the technology that they want at a reasonable price.

Consider the work done on CORBA standardization in the early ‘90s, and the standardization that continues to happen with the Java Platform. The Java Platform is an object lesson. Companies like IBM and Oracle were initially opposed to the standardization of Java on the server, in the form of J2EE, because they had large investments in their proprietary application server product lines. But as customers started clamoring for the kind of openness that standardization brings, both IBM and Oracle became licensees of the technology, as did nearly 50 other companies who signed on as licensees of the technology.

As Mark Twain said, “History doesn’t repeat itself, but it does rhyme.” Our path for the ULDP will not be an exact match to the J2EE experience. But we will take an open, community-based approach to developing our standard.

If only the rest of the industry would do the same.

LogRhythm and other competitors obviously benefit from having proprietary technology that essentially locks in their customers to a specific vendor. Take for example ArcSight’s putative “standard” Common Event Format, or CEF. While this looks like an open standard, in reality it is clearly copyrighted and there is no mention of a neutral standards body.

Clearly LogRhythm does not understand what we’re doing here, or does not want to understand. Standards necessarily create a level playing field among the vendors, and force those companies to compete on the features that matter to consumers: ease of use, scalability, and price.

The history of the last 30-years in the computer industry clearly illustrates the benefits of open standards. We believe that the creation of the ULDP will be a positive step forward for the SIEM industry and is something we’re excited to champion. And to share.