Software helps battle network security threats

Two vendors recently upgraded products that promise to help network executives identify potential threats and reduce the effects of vulnerabilities on revenue-generating applications.

Security information management (SIM) vendors Intellitactics and OpenService separately released products last week that could help users integrate security into current management and application software infrastructure. The integration is necessary as more government regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley act emerge and require companies maintain an audit trail for network, management and security data.

"Security isn't just about shielding the network from threats. It's about accountability as well," says Rich Ptak, president of Ptak, Noel & Associates, an analyst research firm. "Management personnel now more than ever need to document and prove that they have taken adequate steps to protect their infrastructure and assets."

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Two vendors recently upgraded products that promise to help network executives identify potential threats and reduce the effects of vulnerabilities on revenue-generating applications.

Security information management (SIM) vendors Intellitactics and OpenService separately released products last week that could help users integrate security into current management and application software infrastructure. The integration is necessary as more government regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley act emerge and require companies maintain an audit trail for network, management and security data.

"Security isn't just about shielding the network from threats. It's about accountability as well," says Rich Ptak, president of Ptak, Noel & Associates, an analyst research firm. "Management personnel now more than ever need to document and prove that they have taken adequate steps to protect their infrastructure and assets."

SIM software automates the collection of event log data from security devices, helping users make sense of it through a common management console. The products use data-aggregation and event-correlation features similar to those found in network management software, and apply them to event logs generated by firewalls, proxy servers, intrusion-detection systems (IDS) and anti-virus software.

Specifically, Intellitactics unveiled its Network Security Manager (NSM) 5.0, which now includes features that determine the potential threat of events or alerts on security devices. With customization, the software also can let a network manager know if a security event will affect a specific application or department. The company says its engineers incorporated knowledge about the cause of security alerts into the product so that it could more quickly determine the cause of threats.

For example, if an IDS such as Cisco's IDS 4250 appliance or Internet Security Systems' Proventia A201 generates an event, NSM 5.0 would analyze the origins of the alarm, its destination and potential impact, essentially narrowing down the causes before it passes it over to IT staff.

The release also lets security managers customize the level of attention a security alert should garner, based on the device and the lines of business it supports. For example, for an online retailer, an event on the firewall in front of an ordering system might take precedence over a string of events on an IDS box at a remote office. Intellitactics also added more storage capacity to NSM 5.0, which the company says provides space for unaltered log files that need to be preserved in order to comply with regulations.

Click to see:

Meanwhile OpenService also had business in mind when it upgraded its Security Threat Manager (STM) software. Version 2.0 of the company's flagship software includes a feature that evaluates the threat level of the attack, the target of the attack and the effect on business the attack could have. Other new features include an escalation process that would help security and/or network managers more quickly determine the next step when a threat arises or a vulnerability is detected.