ISS reins in security management

ATLANTA - Internet Security Systems last week reinforced its security management package, SiteProtector, to let it manage and correlate information about security events from across its family of intrusion-detection and vulnerability-assessment products.

SiteProtector 2.0 provides a central console that unifies ISS products such as Internet Scanner and the Black Ice desktop intrusion-detection system (IDS) and firewall software, which previously required separate management consoles.

According to an independent lab that tested SiteProtector 2.0, the new ISS central management console makes it far easier for network managers using ISS products to get an accurate picture of attacks while lowering the likelihood of false positives.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

ATLANTA - Internet Security Systems last week reinforced its security management package, SiteProtector, to let it manage and correlate information about security events from across its family of intrusion-detection and vulnerability-assessment products.

SiteProtector 2.0 provides a central console that unifies ISS products such as Internet Scanner and the Black Ice desktop intrusion-detection system (IDS) and firewall software, which previously required separate management consoles.

According to an independent lab that tested SiteProtector 2.0, the new ISS central management console makes it far easier for network managers using ISS products to get an accurate picture of attacks while lowering the likelihood of false positives.

"This approach can reduce false alarms and can certainly reduce the load on the administrator, since it would be possible to record all suspicious events for trend reporting and forensic analysis," said a report from NSS Group. NSS kicked the tires on the beta version of SiteProtector 2.0 last month as part of a larger analysis of six IDS products.

However, the NSS Group lab report added: "SiteProtector still shows signs of being a new product, sporting a number of rough edges." The report said there's a "clumsy and long-winded" process involved in setting up security policy via SiteProtector.

Though ISS has reached a milestone in bringing its own IDS and vulnerability-assessment tools under one management umbrella, the firm has downplayed the notion that it would be building an overarching security information management (SIM) product to centralize correlation, reporting and management for products other than its own.

Symantec, Computer Associates, Check Point and a few start-ups, such as ArcSight, are in a race to build SIM-related products to handle multivendor IDS, firewalls, antivirus software and authentication servers. Last year, ISS was talking up how it also would build SIM with future versions of SiteProtector.

Read more about security in Network World's Security section.