Security Management Gains Sophistication

Vendors unleash wave of products to let managers monitor system threats.

information Staff, Contributor

October 4, 2002


The risks and complexity of I.T. security threats keep growing. Fortunately, systems for dealing with them are getting more sophisticated, too. SAS Institute Inc. and Symantec Corp. last week unveiled tools for aggregating and analyzing data on security events, and ArcSight Inc. and IBM will introduce new versions of their own comprehensive security-management products.

Businesses hope the new products can help them stay a step ahead of bugs and bad guys. Donald Haile, president at Fidelity Systems Investments, sees threats taking new forms. "Transaction theft and application exploits are where we see things moving," he says.

The brokerage firm is consolidating some of its 8,000 servers in an effort to reduce potential network vulnerabilities, and it's interested in Symantec's new Security Management System as a way of funneling alerts from numerous point products into a comprehensive system that makes it easier to assess danger and take action.

The Symantec system, to be introduced piecemeal in the months ahead, comprises three major components: an event manager that uses "collectors" to pull in virus and firewall activity from heterogeneous security products; a higher-level incident manager that correlates and analyzes those events; and a component for managing security-policy compliance.

Symantec isn't the only company developing a better security manager (see "Data Deluge," Aug. 19, p. 20). SAS Institute is building on its experience in data warehousing; SAS's IT Security Management platform, due next month, will serve as a repository for data generated by security devices and can generate reports based on that data.

Dan Minto, SAS's director of worldwide strategy for IT management solutions, declined to name any companies that have tested the product, but he says a large government agency is in line to be one of its first customers. The software ranges from $70,000 to $145,000.

IBM's Tivoli Risk Manager 4.1, available this month, includes a "heartbeat" feature that sends signals over a network to systems being monitored and, if a system doesn't respond, notifies administrators of potential problems. IBM officials say those and other new capabilities represent a step in the direction of self-managing systems.

ArcSight this week will unveil its upgraded security-management product, ArcSight 2.0, which uses an enhanced correlation engine to advise administrators on how to deal with security concerns based on criteria such as asset value, vulnerability, and real-time alerts. The software ranges from $100,000 to $500,000.

You can't control the threats, Justus says.

Union Bank of California has used the earlier version of ArcSight's product for eight months to consolidate output from a variety of security devices. "You can't control the threat pool, so you better know how to deal with it," VP of security Bob Justus says.

Despite the growing sophistication and comprehensiveness of security-management systems, IT professionals will face tough integration tasks for years to come, predicts Peter Lindstrom, research director at Spire Security, a small research firm. That's because no single product addresses the many areas that need attention, including improved usability and forensics, he says.

Even if there were a do-it-all system, some threats would be nearly impossible to stop. Says Fidelity's Haile, "Those who can get in through the firewall because we want them to are one of our largest threats."
