Faced with regulatory compliance requirements and grueling audits, network managers are turning increasingly to security-event management systems to detect when policies have been breached.
SEM products - from e-Security, Network Intelligence, ScriptLogic, TriGeo and others - have data aggregation and event correlation features similar to those in network management software. These products automate the manual process of collecting event-log data from file systems, security appliances and other network devices such as firewalls, proxy servers, intrusion-detection systems, routers and switches, and anti-virus software.
With upgraded releases, the vendors are separately augmenting their suites with advanced reporting, additional storage capacity and new form factors to enable smaller customers to roll out SEM tools.
E-Security and Network Intelligence are set to unveil their latest products this week at the RSA Conference. E-Security has taken the technology of its Sentinel enterprise-level software and put it into an appliance - the Sentinel AP - designed for faster installation and easier ongoing maintenance by small to midsize customers or remote-office deployments. Network Intelligence is adding a module to its EnVision software suite that will let customers get security events, compliance statistics and reports via a management dashboard. ScriptLogic last week introduced File System Auditor, software that helps customers collect file-system logs and compare changes or actions against preset policies.
"The learning curve for security management tools is so steep that these vendors will have to continue to broaden their reach with security controls and IT policies," says George Hamilton, director of enterprise computing and networking at The Yankee Group.
Industry watchers speculate that SEM vendors and the IT duties the software performs will be absorbed eventually by larger management and security vendors - for example, IBM acquired Micromuse, which had earlier acquired GuardedNet. They also say that for the time being, specialized SEM vendors offer a much-needed technology. "Everyone is suffering from compliance fatigue right now, and it's driving SEM purchases, because people have the budget to address that immediate concern," Hamilton says.
According to The Yankee Group, the security industry overall generated about $12.9 billion in revenue in 2004, and of that, SEM accounted for a modest $250 million. However, the research firm projected that by the end of 2005, SEM would grow by more than 30% to be a $330 million market, and that in 2008 it will be an $800 million market.
Dan Guerra, systems manager at the Archdiocese of Boston, uses File System Auditor to collect data on files being accessed across his Microsoft Windows and IBM environment. His organization provides benefits to many organizations, and he says it must comply with the Health Insurance Portability and Accountability Act (HIPAA). File System Auditor, which runs in the file system driver, lets him gather data in a centralized location about those trying to access file systems. The software also helps him follow up on policies that may have been breached.