Tools Promise Better Security Management
New products allow centralized administration
Computerworld - San FranciscoCentral management of multivendor security systems and the data they generate can lead to better risk management and auditing capabilities, users said at last week's RSA Conference 2003 here.
And vendors are lining up to tap into that opportunity, with new products offering single-point administration of activities ranging from threat identification and mitigation to identity management, access control and configuration of security systems made up of products from multiple vendors.
Conference host RSA Security Inc. rolled out identity and access management software called Nexus that's designed to allow central administration of all of RSA's security products. With it, users will be able to centrally manage user and access policies, validate the authenticity of digital certificates and enforce consistent security policies, according to Bedford, Mass.-based RSA.
Such integration would be "nirvana," said Luis Suarez, vice president and manager of PKI and encryption key management at Wachovia Corp. in Charlotte, N.C.
The goal is to make management of disparate technologies "more transparent and seamless," said David Young, IT program director at Geisinger Health System in Danville, Pa. "It is something we have been trying to get our hands around for some time."
Making a similar announcement was Computer Associates International Inc., which said it will launch its eTrust Security Command Center later this quarter. The product, which is in the final stages of beta testing, will give users a browser-based interface for centrally administering multivendor security infrastructures, according to CA.
A week earlier, ArcSight Inc. in Sunnyvale, Calif., announced that it has expanded the number of products supported by its ArcSight 2.1 risk management software. The product can now collect, correlate and centrally report security event data from more than 60 products, such as firewalls, intrusion- and spam-detection software and identity management tools, company officials said.
Driving the need for such tools is the growing complexity of managing a robust security infrastructure, said Karl Jackson, a systems engineer at Brigham Young University in Provo, Utah.
Companies typically have an aggregation of firewalls, host- and network-based intrusion-detection systems (IDS), antispam and antivirus software, and access-control and identity-management tools. On top of all that is the data; a single firewall, for instance, can generate more than 1GB per day. And IDS sensors can log nearly half a million entries daily.
"There are so many different products and so many different ways of looking at things. If I could put everything in one place, it's going to make my life so much easier," said Jackson, who for the past month has been beta-testing CA's Command Centera product he's pleased with. "It's been great," he said. "It kind of centralizes everything, where before you would have to run all sorts of different applications."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts