Security management wares get smarts
Companies add business reporting and compliance management features to software offerings.
By Denise Dubie, Network World, 10/04/2004
A slew of security event management vendors are set to offer products that address everything from how security problems affect
applications to ensuring network devices comply with internal and regulatory policies.
ArcSight, Network Intelligence and Open Service each will release product upgrades that promise to help enterprise IT managers get a handle on the security events across
their networks. SEM products, sometimes referred to as security information management (SIM) tools, automate the collection of log data from security devices and help users make sense of it through a common management
console. These tools usually consist of software, servers and agents, or probe appliances, depending on vendor.
Applying logic
SIM products use data aggregation and correlation features similar to those of network management software and apply them
to logs generated from security devices such as firewalls, proxy servers and intrusion-detection systems (IDS), and from anti-virus
software. SIM products also can normalize data, translating Cisco and Check Point alerts, for example, into a common format
so the data can be correlated.
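The normalization and correlation step described above, as an added example that is not code from the article or from any of the vendors it names. It parses two constructed, simplified log formats (one modelled loosely on a Cisco firewall syslog line, one on a Check Point key=value line; neither is a faithful vendor format) into one common event record, then correlates deny events across both sources. The threshold and the sample lines are assumptions for the illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """Common schema every vendor line is normalized into."""
    vendor: str
    action: str   # normalized to "deny" or "allow"
    src: str
    dst: str
    dport: int


# Constructed sample lines (not captured from real devices). The formats are
# simplified stand-ins for a Cisco-style syslog line and a Check Point-style
# key=value line; the third Cisco line is informational, not a deny.
CISCO_LINES = [
    '%ASA-4-106023: Deny tcp src outside:203.0.113.7/51234 dst inside:10.0.0.5/22 by access-group "outside_in"',
    '%ASA-4-106023: Deny tcp src outside:203.0.113.7/51235 dst inside:10.0.0.5/23 by access-group "outside_in"',
    '%ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.4/40000 to inside:10.0.0.9/443',
]
CHECKPOINT_LINES = [
    'action=drop src=203.0.113.7 dst=10.0.0.9 service=445 proto=tcp',
    'action=accept src=198.51.100.4 dst=10.0.0.9 service=443 proto=tcp',
]

CISCO_DENY = re.compile(
    r"Deny \w+ src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
KEY_VALUE = re.compile(r"(\w+)=(\S+)")


def parse_cisco(line):
    """Translate a Cisco-style deny line into an Event; other lines yield None."""
    m = CISCO_DENY.search(line)
    if not m:
        return None
    return Event("cisco", "deny", m["src"], m["dst"], int(m["dport"]))


def parse_checkpoint(line):
    """Translate a Check Point-style key=value line into an Event."""
    kv = dict(KEY_VALUE.findall(line))
    if not {"action", "src", "dst", "service"}.issubset(kv):
        return None
    action = "deny" if kv["action"] == "drop" else "allow"
    return Event("checkpoint", action, kv["src"], kv["dst"], int(kv["service"]))


def normalize(cisco_lines, checkpoint_lines):
    """Run each vendor's parser and return one list in the common schema."""
    events = []
    for line in cisco_lines:
        ev = parse_cisco(line)
        if ev is not None:
            events.append(ev)
    for line in checkpoint_lines:
        ev = parse_checkpoint(line)
        if ev is not None:
            events.append(ev)
    return events


def correlate_denies(events, threshold=3):
    """Group deny events by source across vendors; report sources whose
    combined deny count reaches the (assumed) threshold."""
    by_src = defaultdict(list)
    for ev in events:
        if ev.action == "deny":
            by_src[ev.src].append(ev)
    report = {}
    for src, evs in by_src.items():
        if len(evs) >= threshold:
            report[src] = {
                "count": len(evs),
                "vendors": sorted({e.vendor for e in evs}),
                "ports": sorted({e.dport for e in evs}),
            }
    return report


if __name__ == "__main__":
    for src, info in correlate_denies(normalize(CISCO_LINES, CHECKPOINT_LINES)).items():
        print(src, info)
```

Because both parsers emit the same Event record, the correlation rule never needs to know which vendor produced a line; that separation is what lets a single console rule cover every device type the collector supports.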
The technology promises to ease the burden on security staff trying to make decisions from raw log data collected off network
and security devices across large corporate networks. Vendors are attempting to do more than automate the tedious tasks: they
aim to give customers more information on what security events could mean, how they could affect business applications and
when systems could be out of compliance with regulatory standards.
For its part, Network Intelligence this week will announce enVision 2.1, which includes features to correlate security log
data to business assets, such as groups of users, geographic locations and server farms, as well as additional storage capabilities
to ensure raw security data is saved and backed up according to compliance policies. The company also introduced a GUI to
add intelligence to reporting and put security incidents into a business perspective.
When coupled with a vulnerability scan, enVision could quickly show that, say, an office was experiencing a security problem,
such as a downed firewall, without having to understand the complexities of firewalls and IDSs.
On top of regulations
Company executives say compliance modules added to the product could help companies stay on top of regulatory requirements.
EnVision 2.1 also can take advantage of an add-on storage array the vendor released last month. The SIM add-on storage array
sits behind Network Intelligence's LS, ES or HA security appliances, and protects and compresses data stored on it. The company's
latest release is priced at $20,000, $80,000 or $200,000, depending on the number of devices managed.
Network Intelligence also added capabilities that let the software spot anomalies in security and network traffic, similar to
products from Lumeta and Q1 Labs. The traffic-monitoring capabilities would let the software alert security staff to problems
before they happen.
"For example, instead of asking the user to build rules to look for something specific, the product will look for subtle anomalies
on its own, using its knowledge of what is normal based on traffic source, destination, payload and users," says Matt Stevens,
president of Network Intelligence.
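The baseline-driven approach Stevens describes, as an added example that is not code from the article or from Network Intelligence. It learns what is "normal" per source from a constructed training window of flow records (source, destination, port, bytes), then scores new flows for an unknown source, a destination/port pair never seen for that source, or a byte volume far above that source's baseline. The flow records, the three-standard-deviation cutoff and the reason codes are assumptions for the illustration, not the product's method.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (src, dst, dport, bytes) standing in for a window of
# normal traffic; not captured from a real network.
BASELINE_FLOWS = [
    ("10.0.1.20", "10.0.0.5", 443, 1200),
    ("10.0.1.20", "10.0.0.5", 443, 1300),
    ("10.0.1.20", "10.0.0.5", 443, 1100),
    ("10.0.1.20", "10.0.0.5", 443, 1250),
    ("10.0.1.20", "10.0.0.5", 443, 1150),
    ("10.0.1.20", "10.0.0.6", 25, 800),
    ("10.0.1.21", "10.0.0.5", 443, 1000),
    ("10.0.1.21", "10.0.0.5", 443, 1100),
]

# Constructed flows to score: one normal, one volume outlier, one new
# destination for a known source, one source never seen in the baseline.
NEW_FLOWS = [
    ("10.0.1.20", "10.0.0.5", 443, 1250),
    ("10.0.1.20", "10.0.0.5", 443, 50000),
    ("10.0.1.20", "192.0.2.10", 22, 900),
    ("10.0.1.99", "10.0.0.5", 443, 1200),
]


class Baseline:
    """Per-source model of normal traffic built from a training window."""

    def __init__(self, flows):
        self.known_pairs = defaultdict(set)    # src -> {(dst, dport)}
        self.byte_samples = defaultdict(list)  # src -> [bytes per flow]
        for src, dst, dport, nbytes in flows:
            self.known_pairs[src].add((dst, dport))
            self.byte_samples[src].append(nbytes)

    def score(self, flow, k=3.0):
        """Return the list of reason codes that make this flow anomalous
        (empty list means it matches the baseline). k is the assumed number of
        standard deviations above the source's mean that counts as an outlier."""
        src, dst, dport, nbytes = flow
        if src not in self.known_pairs:
            return ["unknown-source"]
        reasons = []
        if (dst, dport) not in self.known_pairs[src]:
            reasons.append("new-destination")
        samples = self.byte_samples[src]
        if len(samples) >= 2:
            mu, sd = mean(samples), pstdev(samples)
            if sd > 0 and nbytes > mu + k * sd:
                reasons.append("volume-outlier")
        return reasons


def find_anomalies(baseline, flows):
    """Score every flow and keep only those with at least one reason."""
    anomalies = []
    for flow in flows:
        reasons = baseline.score(flow)
        if reasons:
            anomalies.append((flow, reasons))
    return anomalies


if __name__ == "__main__":
    model = Baseline(BASELINE_FLOWS)
    for flow, reasons in find_anomalies(model, NEW_FLOWS):
        print(flow, reasons)
```

No rule in this model names a specific port or address; everything it flags is a deviation from what the training window contained, which is the contrast Stevens draws with asking users to write rules for something specific. The obvious operational caveat is that the training window must itself be clean, or the anomalies it contains become the baseline.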