Security tools tackle the unknown

Companies are turning to integrated security management systems to combat the increasing sophistication of security threats, writes Eric Doyle.

Systems are vulnerable to new threats until a detection and prevention method is devised. This means that systems can be brought down before action is taken.

By monitoring the overall security status on a single screen, what would otherwise be seen as unrelated events can be linked, allowing action to be taken before the damage spreads.

Internet Security Systems (ISS) and Micromuse have both released control panels to display the status of security devices such as anti-virus software, firewalls and intrusion detectors.

Realsecure Siteprotector from ISS unites management of its homespun range of products, but Micromuse is taking a less parochial approach by integrating third-party products into its Netcool for Security Management control centre.

Kenneth de Spiegeleire, head of security access services at ISS, said, "The emphasis in security is shifting from detection to protection. Rather than finding a counter-missile that can shoot down a problem, we are now providing an umbrella to cover the entire system."

ISS Siteprotector unifies the management of network, server and desktop products such as Internet Scanner, which probes communication services, operating systems, applications and routers to discover vulnerabilities that might be open to attack, and the Blackice anti-hacking system.

Micromuse's control centre similarly encompasses its own range of Netcool security products but can be extended to include partner products from Checkpoint, Network Associates, Sniffer (IDS Solutions), Johnson Controls and Asita Technologies.

Ed Young, director of access strategies at Micromuse, said, "Security now has to concentrate on risks by correlating events. The status of various protection systems can be displayed through a Web browser and thresholds can be set to alert managers when an unusual event occurs."

In both cases, the aim is to allow network managers to see exactly what is happening. A single package only shows what is happening to the device or system it is monitoring, but with an overall view, causes and effects can be seen across the network. This offers a better opportunity to determine exactly what is causing the anomaly and to see the full extent of its effects.
