Tools Promise Better Security Management

Computerworld - San Francisco—Central management of multivendor security systems and the data they generate can lead to better risk management and auditing capabilities, users said at last week's RSA Conference 2003 here.

And vendors are lining up to tap into that opportunity, with new products offering single-point administration of activities ranging from threat identification and mitigation to identity management, access control and configuration of security systems made up of products from multiple vendors.

Conference host RSA Security Inc. rolled out identity and access management software called Nexus that's designed to allow central administration of all of RSA's security products. With it, users will be able to centrally manage user and access policies, validate the authenticity of digital certificates and enforce consistent security policies, according to Bedford, Mass.-based RSA.

Such integration would be "nirvana," said Luis Suarez, vice president and manager of PKI and encryption key management at Wachovia Corp. in Charlotte, N.C.

The goal is to make management of disparate technologies "more transparent and seamless," said David Young, IT program director at Geisinger Health System in Danville, Pa. "It is something we have been trying to get our hands around for some time."

Competing Moves

Making a similar announcement was Computer Associates International Inc., which said it will launch its eTrust Security Command Center later this quarter. The product, which is in the final stages of beta testing, will give users a browser-based interface for centrally administering multivendor security infrastructures, according to CA.

A week earlier, ArcSight Inc. in Sunnyvale, Calif., announced that it has expanded the number of products supported by its ArcSight 2.1 risk management software. The product can now collect, correlate and centrally report security event data from more than 60 products, such as firewalls, intrusion- and spam-detection software and identity management tools, company officials said.

Driving the need for such tools is the growing complexity of managing a robust security infrastructure, said Karl Jackson, a systems engineer at Brigham Young University in Provo, Utah.

Companies typically have an aggregation of firewalls, host- and network-based intrusion-detection systems (IDS), antispam and antivirus software, and access-control and identity-management tools. On top of all that is the data; a single firewall, for instance, can generate more than 1GB per day. And IDS sensors can log nearly half a million entries daily.

"There are so many different products and so many different ways of looking at things. If I could put everything in one place, it's going to make my life so much easier," said Jackson, who for the past month has been beta-testing CA's Command Center—a product he's pleased with. "It's been great," he said. "It kind of centralizes everything, where before you would have to run all sorts of different applications."