When security management gets elaborate…
The threat from viruses, worms and hackers is getting
out of hand; enterprises seem to be losing the endless battle against such threats.
The plethora of security solutions that an enterprise deploys is likely to compound
the problem. Security solutions vendors have acknowledged this and have formed
strategies to address these problems. Computer Associates for one, is working
closely with other platform vendors and security solutions vendors to make it
easier for enterprises to manage vulnerabilities and proactively protect themselves
from future threats.
problem now is that there is too much information coming in from all the security
solutions that are in place (too many logs, too cryptic information). The key
thing is to understand this information and find out what is significant. The
important thing is to identify an important response to it, to mitigate a particular
risk," said Piti Pramotedham, Managing Director, Asia South, Computer
Associates. "We are providing a technology that will help IT security professionals
understand what is happening in their infrastructure.
Pramotedham said CA's eTrust Security Command Center
software acts as a center point for this. "Command Center receives alerts
in real-time, from all the security solutions. It overlays all the information
coming in, then analyzes it to see if a particular threat is real to their environment.
Thus, it checks what pieces in their environment are affected, so that enterprises
can act on this information."
The other problem that enterprises face is vulnerability
According to CERT/CC, cyber incidents and vulnerability
volume are on the rise. On average, more than 40 vulnerabilities are published
daily. As the number of vulnerabilities discovered rises, so does the probability
of attacks and the associated costs.
CA says this scenario makes it difficult for an enterprise
to accomplish timely, cost-effective vulnerability management without an accurate
inventory of its assets and technologies, and to understand the vulnerabilities
that affect these.
To address such challenges CA is offering software
called eTrust Vulnerability Manager, which works closely with the eTrust Security
Command Center. Vulnerability Manager (VM) is a database that CA maintains,
in cooperation with all the platform vendors.
"If Sun or Microsoft for instance, were to come
out with a vulnerability report, we would examine that, give it a rating, analyze
what the impact could be, what are the available solutions (patches etc)and
then inform the customer through Vulnerability Manager. The VM would take this
and map the impact to their own IT infrastructure. The customer could then decide
the course of action (whether to download the patch)," said Pramotedham.
The third solution that CA is offering is Unicenter
Network Forensics. This solution can analyze network traffic for vulnerabilities,
in real-time, and across diverse network infrastructures. Forensics understands
over 7,000 networking protocols.