Vendors link security to management

Feb 16, 2004, 5 mins
Network Security, Security

New and upgraded products address provisioning, intrusion prevention, mainframe databases.

Security vendors will be unveiling a slew of products over the next two weeks that are designed to manage and make sense of security events, provision users, spot vulnerabilities and secure data on mainframe networks.

Security information management (SIM) vendors ArcSight, High Tower and netForensics separately will announce new product versions and additional features.

SIM software automates the collection of event log data from security devices, helping users manage information from disparate devices and systems on a common management console. The products use data-aggregation and event-correlation features and apply them to event logs generated from firewalls, proxy servers, intrusion-detection systems (IDS), servers and anti-virus software.

NetForensics next week will introduce two software add-ons to the company’s netForensics SIM platform at the RSA Conference in San Francisco. Security Posture Analysis 1.0 provides information on assets such as users, applications and business processes affected by security events, while Incident Resolution Management 1.0 offers tools to better manage the process involved in responding to problems.

With its new impact analysis and workflow templates, netForensics made it easier to relate security events to pre-set business priorities.

“The upgrades would allow users to make more rapid decisions about whether they need to react to a security event,” says James Hurley, a group vice president at Aberdeen Group. The software add-ons will be available upon announcement and work with netForensics’ flagship software. Pricing for the platform starts between $20,000 and $50,000, and scales depending on the number of users and software add-ons purchased.

Competitor ArcSight this week will launch Version 3.0 of its flagship software of the same name. Company officials say the latest release can handle more events per second, compress data to let security managers store more security information and link security events to business applications.

“Security and line of business are two worlds that have remained distinct,” says Hugh Njemanze, CTO at ArcSight.

Aberdeen’s Hurley says ArcSight, netForensics and others need to work harder on relating security problems to business impact. “It’s the biggest problem,” he says. “Senior business executives don’t realize they need security until something happens.”

ArcSight 3.0 is expected to ship within 60 days. Pricing starts at about $100,000.

High Tower this week will make available its TowerView software packaged on appliances. TowerView collects data and events in real time from network and security devices, such as firewalls, IDSs and routers. TowerView uses 100 pre-packaged rules and a rules processing engine to perform statistical analysis and correlation.

The TowerView 1000 appliance is designed to correlate data from up to 30 devices, while the TowerView 2000 appliance is designed to correlate data for 30 to 90 devices. Pricing starts at $48,000.

Despite the enhancements to SIM products, John Pescatore, a vice president with Gartner, says vendors need to add more capabilities to meet security specialists’ needs this year.

“Security managers need more than data from raw logs. They need compliance enforcement, Web and application server configuration management, and Linux support needs to be included,” he says.

Also this week, Maxware, known for its meta-directory technology, will introduce provisioning software called Identity Center. The software, which also will be featured at the RSA Conference, includes a workflow engine for provisioning users and resources across a network using a set of rules and policies stored in its database.

The software is part of Maxware’s overall identity-management lineup. Identity Center features include user self-service, notifications, event escalation, password reset and a connector library. The software costs $17.50 per user for 10,000 users.

TippingPoint Technologies this week is introducing a version of its UnityOne software ($25,000) that adds traffic shaping to intrusion-prevention capabilities so networks can remain unclogged by malicious traffic floods.

Once customers use the company’s intrusion-prevention system to set baselines for network traffic, they can set thresholds for throttling certain traffic types if the gear detects unusual behavior.

The company says the traffic shaping can be used to block or limit outbound peer-to-peer traffic so corporate machines don’t become public servers for music file sharing and other peer-to-peer applications. This capability can be used to give priority to voice traffic. TippingPoint says its Digital Vaccine service also will send updates to protect VoIP traffic from exploits designed to disrupt voice traffic.

“Integrated boxes that perform multiple security functions can be more intelligent and efficient when analyzing, say, packets as they flow through the box,” says Lance Travis, a vice president with AMR Research. “But the downside is they can represent a single point of failure on the net.”

In an effort to help users simplify IT infrastructure while keeping it secure, IBM last week announced updates to its mainframe operating system to enable multi-level security access to database information.

The security features in z/OS 1.5 work with IBM’s DB2 Universal Database for z/OS Version 8 to let users centrally manage multi-tiered access to information based on a user’s security clearance. Typically, government agencies, financial institutions and other organizations with strict security requirements have to run separate databases to isolate confidential information, resulting in duplicate infrastructures. The multi-level security technology lets IT managers consolidate these systems, says Jim Porell, chief strategist for IBM zSeries Software.

“In our environment, the z/OS security server provides a single control point and a single point for compliance analysis and auditing across the database, operating system and network,” he says.

z/OS 1.5 and DB2 Universal Database for z/OS Version 8 are scheduled for availability March 26. Pricing for z/OS is based on monthly license fees that depend on use.