Vendors link security to management

New and upgraded products address provisioning, intrusion prevention, mainframe databases.

Security vendors will be unveiling a slew of products over the next two weeks that are designed to manage and make sense of security events, provision users, spot vulnerabilities and secure data on mainframe networks.

Security information management (SIM) vendors ArcSight, High Tower and netForensics separately will announce new product versions and additional features.

SIM software automates the collection of event log data from security devices, helping users manage information from disparate devices and systems on a common management console. The products use data-aggregation and event-correlation features and apply them to event logs generated from firewalls, proxy servers, intrusion-detection systems (IDS), servers and anti-virus software.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Security vendors will be unveiling a slew of products over the next two weeks that are designed to manage and make sense of security events, provision users, spot vulnerabilities and secure data on mainframe networks.

Security information management (SIM) vendors ArcSight, High Tower and netForensics separately will announce new product versions and additional features.

SIM software automates the collection of event log data from security devices, helping users manage information from disparate devices and systems on a common management console. The products use data-aggregation and event-correlation features and apply them to event logs generated from firewalls, proxy servers, intrusion-detection systems (IDS), servers and anti-virus software.

NetForensics next week will introduce two software add-ons to the company's SIM netForensics platform at the RSA Conference in San Francisco. Security Posture Analysis 1.0 provides information on assets such as users, applications and business processes affected by security events, while Incident Resolution Management 1.0 offers tools to better manage the process involved in responding to problems.

With its new impact analysis and workflow templates, netForensics made it easier to relate security events with pre-set business priorities.

"The upgrades would allow users to make more rapid decisions about whether they need to react to a security event," says James Hurley, a group vice president at Aberdeen Group. The software add-ons will be available upon announcement and work with netForensics' flagship software. Pricing for the platform starts between $20,000 and $50,000, and scale depending on the number of users and software add-ons purchased.

Competitor ArcSight this week will launch Version 3.0 of its flagship software of the same name. Company officials say the latest release can handle more events per second, compress data to let security managers store more security information and link security events to business applications.

"Security and line of business are two worlds that have remained distinct," says Hugh Njemanze, CTO at ArcSight.

Aberdeen's Hurley says ArcSight, netForensics and others need to work harder on relating security problems to business impact. "It's the biggest problem," he says. "Senior business executives don't realize they need security until something happens."

ArcSight 3.0 is expected to ship within 60 days. Pricing starts at about $100,000.

High Tower this week will make available its TowerView software packaged on appliances. TowerView collects data and events in real time from network and security devices, such as firewalls, IDSs and routers. TowerView uses 100 pre-packaged rules and a rules processing engine to perform statistical analysis and correlation.

The TowerView 1000 appliance is designed to correlate data from up to 30 devices, while the TowerView 2000 appliance is designed to correlate data for 30 to 90 devices. Pricing starts at $48,000.

Despite the enhancements to SIM products, John Pescatore, a vice president with Gartner, says vendors need to add more capabilities to meet security specialists' needs this year.