AUSTIN, TEXAS - Worried about a hacker crashing your Web site, despite the arsenal of security tools you have in place? Tivoli this week will attempt to address such concerns with software it claims can unite disparate security products to fight off denial-of-service attacks and other types of net assaults.
Called SecureWay Risk Manager, the product can field alerts from separate security products, such as firewalls and virus detection programs. It can then present information based on the alerts in a single management console that gives a more complete picture of a company's network security status.
Tivoli's new software, based on technology created in IBM research labs, can also be used to test networks for potential security weak spots and to distribute security patches.
Tivoli is targeting organizations with high-profile Web sites as well as universities and other sites whose computers might be used without the knowledge of their owners to launch attacks like those that stymied Web sites such as Yahoo and eBay earlier this month.
Risk Manager, which initially will run on Windows NT, includes a translation engine that can accept data from assorted security products via SNMP or other means. The engine translates the data into a common format that can be understood by Risk Manager's correlation engine. This technology has been in development for the past year at the IBM Zurich research lab.
The correlation engine can be programmed with rules from the IT staff and acts as the communications and command center for all of a network's security needs. For example, a company can use the correlation engine to set up and enforce a scheme to block a SYN Flood, a type of distributed denial-of-service attack. Web servers can be instructed to identify and delete incoming IP packets that include erroneous header data that can bog down a system.
Risk Manager also includes a Vulnerability Scanner that sends software agents across a network to check Web servers for potential security problems. For instance, the agents can be programmed to recognize Unix-based Trin00 denial-of-service attack code and alert the correlation engine so that appropriate follow-up action can be taken.
Risk Manager can also make sure security applications are distributed consistently throughout the network. Say a network executive wants to distribute a software patch that prevents routers from being used to flood another company's Web server with pings. Risk Manager can create a list of the routers that need the patch, distribute it and then confirm that every router got the patch.
Tivoli's new software works with existing security and management products from Tivoli and parent company IBM. It also works with software from partner vendors such as Internet Security Systems.
Integrated security products such as Risk Manager are becoming more common, says Chris King, an analyst at Meta Group, a consultancy in Stamford, Conn. Tivoli could have an edge in this market because of its experience with enterprisewide network and systems management, but the company will need to make sure customers can make Risk Manager work with tools from leading management software vendors such as Computer Associates and BMC Software.
Risk Manager is currently in beta testing. The product will be released in the next few weeks, followed by a more automated edition later this year. IBM also plans to roll out versions of the software for AIX, Solaris and Windows 2000 down the road. Pricing information was not available.