New versions of enterprise security-information management products from Computer Associates and SenSage look to combine event data and logs from several sources to provide users a bird's-eye view of security.
SIM software works by aggregating security-event information from intrusion-detection systems, anti-virus software, routers and servers. CA and SenSage say their updated SIM software improves on how events are reported and tracked. CA this month will release Version 8.0 of eTrust Security Command Center, and next month SenSage will unveil SenSage 3.0.
"We now have workflow for trouble ticketing," says Sam Curry, vice president of eTrust security management at CA. "Before, you could only create a trouble ticket through third-party products, including Remedy, Peregrine or HP."
CA also is beefing up the eTrust Security Command Center's capability to correlate multiple events to detect the root cause of security problems rather than just centralize access to the information. Users will be able to write customized correlation rules through templates that ship with Version 8.0, which also adds a way to analyze events after they might have occurred.
Many of these features were developed with reseller AtosOrigin, which used eTrust Security Command Center to monitor the sprawling 60-location internal network deployed at the 2004 Summer Olympics in Greece.
Patrick Abida, vice president of Olympics and major events at AtosOrigin in Paris, says eTrust Security Command Center helped prioritize 3 million "security events" and filtered them down to what were 20 "potentially critical" problems that largely involved attempts to gain unauthorized access to the Olympics network.
SenSage, which until last week was called Addamark Technologies, next month will unveil an upgraded SIM product, Linux-based software that aggregates event information from network logs, operating systems, firewalls, and single sign-on applications.
SenSage 3.0 adds real-time event correlation and reporting, says CEO Jim Pflaging, adding, "This is for the purpose of pinpointing internal activity."
While SIM is a type of monitoring and security analysis software that can be expensive to own, there is a growing array of less-complex monitoring services that can be used by corporations on an outsourced basis to help plug security holes.
A new managed service that made its debut last week is from IPxray, a start-up that offers a range of security-monitoring services it calls GapVision.
IPxray President and CEO Sholan Ellenberg says the Web-based GapVision is a suite of remote-scanning services that can be launched to identify holes in servers or other equipment. One GapVision service also monitors Web and e-mail servers to ensure they are available and performing at expected response-time thresholds.
IPxray is competing with remotely hosted managed vulnerability-assessment services such as Qualys, although Qualys does not have a server-availability monitoring service.