Computerworld - The torrent of data generated by the myriad security devices needed to protect enterprise networks is creating demand for security event management software capable of mining the data for meaningful information.
Two of the better-known vendors in this market are releasing upgrades to their products to provide enhanced response and graphical analysis functions.
One is Edison, N.J.-based NetForensics Inc., which next week will announce Version 3.1.1 of its namesake security information management software. A key enhancement is an automated response capability that prescribes specific actions administrators can take in response to security incidents, said Nitin Ved, president of NetForensics.
Beyond merely alerting administrators to potential problems, the new software walks them through a remedial procedure based on the SANS Institute's Six-Step Incident Response process, Ved said. Another key addition is a user-based visualization capability designed to simplify the manner in which data is presented to business users, security analysts, auditors and network administrators, he said.
Such enhancements add further value to the alerting capabilities that are already enabled by the software, said Jim Patterson, a systems analyst for the state of Illinois in Springfield. The government office has been using NetForensics for several years to collect and correlate information from its firewalls, intrusion-detection systems and antivirus products.
Sunnyvale, Calif.-based ArcSight Inc., meanwhile, released Version 3.0 of its security event management software (download PDF). A key feature of the upgrade is a new archiving and retrieval function designed to reduce the cost of storing and managing security event data, said Hugh Njemanze, chief technology officer at ArcSight.
ArcSight 3.0 modifies the manner in which security event data is stored in databases and uses new compression technology, allowing users to store five times as much data in the same amount of space used previously, Njemanze said. A new analyst collaboration function lets security administrators from multiple locations collaborate on the same data to evaluate threats and responses, he said.
Despite the value such management software can deliver, vendors have a long way to go when it comes to linking security event data to business impact, said Jim Hurley, an analyst at Aberdeen Group Inc. in Boston. "How do you know if a security event is really worth bothering [with] without first knowing how material it is to the company's business processes?" Hurley said. Event management software won't reach its full potential until this sort of decision-making is enabled, he said.
KEY FEATURES NetForensics 3.1.1 
User-based visualization: Offers simplified data views. Incident resolution management: Offers a single control point for managing events and handling incidents.
ArcSight 3.0 SmartStorage Archiving and Retrieval: Designed to provide more efficient storage and retrieval of incident data. CounterACT Active Response: Works with third-party configuration and policy-compliance managers to stop attacks.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
