Denise Dubie
Senior Editor

Software helps battle network security threats

Mar 01, 2004

Two vendors recently upgraded products that promise to help network executives identify potential threats and reduce the effects of vulnerabilities on revenue-generating applications.

Security information management (SIM) vendors Intellitactics and OpenService separately released products last week that could help users integrate security into current management and application software infrastructure. The integration is necessary as more government regulations, such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, emerge and require companies to maintain an audit trail for network, management and security data.

“Security isn’t just about shielding the network from threats. It’s about accountability as well,” says Rich Ptak, president of Ptak, Noel & Associates, an analyst research firm. “Management personnel now more than ever need to document and prove that they have taken adequate steps to protect their infrastructure and assets.”

SIM software automates the collection of event log data from security devices, helping users make sense of it through a common management console. The products use data-aggregation and event-correlation features similar to those found in network management software, and apply them to event logs generated by firewalls, proxy servers, intrusion-detection systems (IDS) and anti-virus software.

Specifically, Intellitactics unveiled its Network Security Manager (NSM) 5.0, which now includes features that determine the potential threat of events or alerts on security devices. With customization, the software also can let a network manager know if a security event will affect a specific application or department. The company says its engineers incorporated knowledge about the cause of security alerts into the product so that it could more quickly determine the cause of threats.

For example, if an IDS such as Cisco’s IDS 4250 appliance or Internet Security Systems’ Proventia A201 generates an event, NSM 5.0 would analyze the origins of the alarm, its destination and potential impact, essentially narrowing down the causes before passing the event to IT staff.

The release also lets security managers customize the level of attention a security alert should garner, based on the device and the lines of business it supports. For example, for an online retailer, an event on the firewall in front of an ordering system might take precedence over a string of events on an IDS box at a remote office. Intellitactics also added more storage capacity to NSM 5.0, which the company says provides space for unaltered log files that need to be preserved in order to comply with regulations.

NSM 5.0 costs about $200,000 for an entry-level implementation.

Meanwhile, OpenService also had business in mind when it upgraded its Security Threat Manager (STM) software. Version 2.0 of the company’s flagship software includes a feature that evaluates the threat level of an attack, the target of the attack and the effect the attack could have on business. Other new features include an escalation process that would help security and/or network managers more quickly determine the next step when a threat arises or a vulnerability is detected.

“The main thing is when we get an error message from a firewall, we now can react quick enough and know how to react,” says Bob Wrobel, data security manager for Ace Hardware in Oak Brook, Ill. “There is time associated with going over logs, and we didn’t want to be reactive.”

Other new features include enhanced vulnerability assessments and improved correlation that can tell security managers in real time if an event on an IDS relates to an event on a firewall and to an event on a server, and so on, the company says. Correlating the events would prevent multiple security administrators from separately exploring or troubleshooting the events and would speed problem resolution.

Entry-level pricing for STM is $50,000, with the average implementation costing about $100,000.
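
The cross-device correlation and business-based prioritization described above, as an added Python illustration of the general technique (not code from Intellitactics, OpenService or the original article). The event tuples, addresses, asset weights and 60-second window are constructed assumptions; an incident's score is the asset's business weight multiplied by the number of distinct device types reporting it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalized to
# (time, device type, source, destination, message).
EVENTS = [
    ("2004-03-01T10:00:05", "ids", "203.0.113.7", "10.0.1.20", "sql probe signature"),
    ("2004-03-01T10:00:09", "firewall", "203.0.113.7", "10.0.1.20", "accept tcp/1433"),
    ("2004-03-01T10:00:31", "server", "203.0.113.7", "10.0.1.20", "failed login"),
    ("2004-03-01T10:02:00", "ids", "198.51.100.4", "10.9.0.15", "port scan"),
    ("2004-03-01T10:02:10", "ids", "198.51.100.4", "10.9.0.15", "port scan"),
    ("2004-03-01T10:02:20", "ids", "198.51.100.4", "10.9.0.15", "port scan"),
]

# Hypothetical asset inventory: destination address -> (line of business, weight).
ASSETS = {
    "10.0.1.20": ("online ordering", 10),
    "10.9.0.15": ("remote office", 2),
}

def summarize(src, dst, group, assets):
    """Score one incident: business weight times distinct device types reporting it."""
    devices = sorted({device for _, device, _ in group})
    business, weight = assets.get(dst, ("unknown", 1))
    return {"src": src, "dst": dst, "business": business, "devices": devices,
            "events": len(group), "score": weight * len(devices)}

def correlate(events, assets=ASSETS, window=timedelta(seconds=60)):
    """Merge events with the same source and destination when each one
    follows the previous event within `window`; highest score first."""
    by_pair = defaultdict(list)
    for ts, device, src, dst, msg in events:
        by_pair[(src, dst)].append((datetime.fromisoformat(ts), device, msg))
    incidents = []
    for (src, dst), evs in by_pair.items():
        evs.sort()
        group = []
        for ev in evs:
            if group and ev[0] - group[-1][0] > window:
                incidents.append(summarize(src, dst, group, assets))
                group = []
            group.append(ev)
        incidents.append(summarize(src, dst, group, assets))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

With this scoring, a single firewall event in front of the ordering system still outranks the string of IDS events at the remote office, and the three related alerts collapse into one incident for one administrator to work.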