Hamilton said SIM tools began attracting a lot of attention last year, partly because of reporting requirements imposed by regulations such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. But he added that the software can be a "nightmare" to manage, "with thousands of event logs being reported per second" from servers, firewalls intrusion-protection and -detection systems and other components.

In addition, many users haven't been prepared for the increased need for storage hardware, servers and database administrators that SIM implementations can impose, Hamilton said.

Although MasterCard did add an unspecified number of servers and storage devices as part of the Sentinel rollout, it didn't need to increase its database administration staff, McWhinnie said. He added that the Purchase, N.Y.-based company set a detailed "escalation plan" for dealing with the data generated by the tool.

MasterCard's prior experiences with its own tools helped to simplify resource planning, McWhinnie said. "Data explosion was not a problem, because we foresaw it and dealt with it upfront," he said. "We already knew where some of the pitfalls would be and went into this with very open eyes."

McWhinnie declined to disclose the SIM rollout's cost, describing it only as a medium-size IT project for MasterCard. He also wouldn't identify the other products his team evaluated before choosing Sentinel.