Suppliers are stepping up security management in an effort to help organisations improve information sharing and respond more effectively to computer attacks.
This week, ArcSight will unveil a partnership with the Computer Emergency Response Team Co-ordination Center (CERT/CC) to launch a Cyber Security Information Sharing Project (CSISP) at three US universities.
The CSISP will examine technical aspects of data sharing, regulatory constraints, policy, and privacy issues, said Rich Pethia, director of the CERT/CC at Carnegie Mellon University in Pittsburgh.
Using emerging standards to exchange security messages, ArcSight's software will monitor data from university security devices and pass that information on to CERT/CC to identify threats.
"We need to move away from manual, word-of-mouth reporting that we have today to a system of interoperable components which can share information at internet speeds to head off attacks," Pethia said.
Tools lacking standardisation on syntax and vocabulary must be fixed, said Eric Ogren, senior analyst at The Yankee Group.
To add value to its CSISP initiative with ArcSight, Ogren said CERT/CC needed to create meta definitions for events earmarked for sharing across communities.
Version 3.0 of ArcSight's software will include adaptable incident analysis and response features to allow users to detect suspicious patterns through trending and enable new rules to be created without authoring signatures for defence.
Brian Fonseca writes for InfoWorld