MasterCard's early success is a rarity among large enterprise SIM rollouts, since there can be a 'lot of surprises during deployment,' said George Hamilton, a Yankee Group Inc. analyst who is familiar with the MasterCard project.

Hamilton said that although SIM tools attracted attention in 2005 -- in part because of reporting regulations imposed by the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and other requirements -- many businesses found them harrowing to use because of 'data explosion, with thousands of event logs being reported per second.' Tools that transmit system logs from intrusion-protection and -detection systems, firewalls and other security components can be a 'nightmare' to manage, he said.

Many companies have not been prepared for the increased need for storage, servers and database administrators brought on by SIM implementations, Hamilton said.

Although the SIM tools required more servers and storage at MasterCard, the company did not need additional administrators and carefully planned an 'escalation plan' for more storage, McWhinnie said. Resource planning was made easier because MasterCard had prior experience with its own custom-built SIM tool, he said. 'Data explosion was not a problem, because we foresaw it and dealt with it up front,' McWhinnie said. 'We already knew where some of the pitfalls would be and went into this with very open eyes.'

In the future, McWhinnie said he'd like to see better SIM product integration 'so that one only has to monitor one dashboard to get the full picture about real-time monitoring.'