Security Pros Take Control

In the course of protecting networks, security administrators are continuously slammed with red alerts warning of possible threats. When an intruder gets through, administrators have to scrutinize reports, scour data generated by firewalls, and fire up the antivirus management console so they can determine the nature of the attack and how to squash it.

Add in antivirus updates, software patches, user access rights, and passwords, and administrators can easily get overwhelmed. "It's just like 10 years ago in the beginning of deploying networks. Customers deployed a ton of servers and applications and then realized they had to find a way to manage all of that stuff," says Chris Strug, VP of corporate development at OpenService Inc., a security-management software vendor.

Unlike network systems-management software, which can be administered from a central console that lets IT managers track, correlate, and diagnose problems, many security tools require separate management consoles. Now, this situation is changing.

Internet Security Systems Inc. this month shipped RealSecureSiteProtector, which manages the vendor's security applications, such as desktop firewall and host-and network-based intrusion-detection systems, from a central console in SiteProtector. SiteProtector lets IT managers consolidate and correlate security events, says Christopher Klaus, Internet Security Systems founder and chief technology officer.

The security vendor isn't the only one consolidating management of its security products. Symantec Corp. plans to integrate its antivirus, intrusion-detection, and firewall apps into one console.

While security vendors are just beginning to provide management capabilities, other vendors have offered these capabilities for a couple of years. System-management vendor NetIQ Corp. and enterprise-security-management vendors OpenService and e-Security Inc. have had such applications. But businesses have been slow to adopt the tools, Gartner analyst John Pescatore says.

That's a surprise to Wilson Ye, security manager for Paul, Hastings, Janofsky & Walker LLP, who three months ago started using NetIQ's Security Manager to add a layer of security to the Los Angeles law firm's network. "You have all of these logs and attack signatures to examine; you have to go through them step by step," he says. "It's time consuming."

Security Manager lets Ye capture, correlate, and manage security events from one console. It saves time and provides security defense in depth, he says, by giving the company a higher-level view of security events across the network.

Greg Aldrich, director of security and communications for $7.8 billion-a year Swiss logistics company Danzas Group, turned to OpenService's SystemWatch security-management software to improve the reliability of more than 40 firewalls Danzas has operating internationally. "We would get a call when a business segment wasn't able to communicate, and by then it's much later than we want problems to go," Aldrich says. SystemWatch has helped Danzas manage system warnings ahead of time, before a firewall crashes, he says.

Other management features in SystemWatch have provided side benefits. "Once we saw the value of the information it pulls from our logs, we realized it could help us get more work done with our existing security team," he says.

More companies will soon turn to enterprise-security-management applications, says Pete Lindstrom, director of security strategies for Hurwitz Group. These applications make sense out of the many events security tools uncover, and they can read and consolidate security event logs from Oracle, SAP, Unix, and Windows systems.

Says Lindstrom, "Everyone wants a security cockpit, and these tools promise the best cockpit for the near term."