Tools Promise Better Security Management
New products allow centralized administration
Computerworld - San FranciscoCentral management of multivendor security systems and the data they generate can lead to better risk management and auditing capabilities, users said at last week's RSA Conference 2003 here.
And vendors are lining up to tap into that opportunity, with new products offering single-point administration of activities ranging from threat identification and mitigation to identity management, access control and configuration of security systems made up of products from multiple vendors.
Conference host RSA Security Inc. rolled out identity and access management software called Nexus that's designed to allow central administration of all of RSA's security products. With it, users will be able to centrally manage user and access policies, validate the authenticity of digital certificates and enforce consistent security policies, according to Bedford, Mass.-based RSA.
Such integration would be "nirvana," said Luis Suarez, vice president and manager of PKI and encryption key management at Wachovia Corp. in Charlotte, N.C.
The goal is to make management of disparate technologies "more transparent and seamless," said David Young, IT program director at Geisinger Health System in Danville, Pa. "It is something we have been trying to get our hands around for some time."
Making a similar announcement was Computer Associates International Inc., which said it will launch its eTrust Security Command Center later this quarter. The product, which is in the final stages of beta testing, will give users a browser-based interface for centrally administering multivendor security infrastructures, according to CA.
A week earlier, ArcSight Inc. in Sunnyvale, Calif., announced that it has expanded the number of products supported by its ArcSight 2.1 risk management software. The product can now collect, correlate and centrally report security event data from more than 60 products, such as firewalls, intrusion- and spam-detection software and identity management tools, company officials said.
Driving the need for such tools is the growing complexity of managing a robust security infrastructure, said Karl Jackson, a systems engineer at Brigham Young University in Provo, Utah.
Companies typically have an aggregation of firewalls, host- and network-based intrusion-detection systems (IDS), antispam and antivirus software, and access-control and identity-management tools. On top of all that is the data; a single firewall, for instance, can generate more than 1GB per day. And IDS sensors can log nearly half a million entries daily.
"There are so many different products and so many different ways of looking at things. If I could put everything in one place, it's going to make my life so much easier," said Jackson, who for the past month has been beta-testing CA's Command Centera product he's pleased with. "It's been great," he said. "It kind of centralizes everything, where before you would have to run all sorts of different applications."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts