When security management gets elaborate…
The threat from viruses, worms and hackers is getting
out of hand; enterprises seem to be losing the endless battle against such threats.
The plethora of security solutions that an enterprise deploys is likely to compound
the problem. Security solutions vendors have acknowledged this and have formed
strategies to address these problems. Computer Associates, for one, is working
closely with other platform vendors and security solutions vendors to make it
easier for enterprises to manage vulnerabilities and proactively protect themselves
from future threats.
"The
problem now is that there is too much information coming in from all the security
solutions that are in place (too many logs, too cryptic information). The key
thing is to understand this information and find out what is significant. The
important thing is to identify an important response to it, to mitigate a particular
risk," said Piti Pramotedham, Managing Director, Asia South, Computer
Associates. "We are providing a technology that will help IT security professionals
understand what is happening in their infrastructure."
Pramotedham said CA's eTrust Security Command Center
software acts as a center point for this. "Command Center receives alerts
in real-time, from all the security solutions. It overlays all the information
coming in, then analyzes it to see if a particular threat is real to their environment.
Thus, it checks what pieces in their environment are affected, so that enterprises
can act on this information."
The other problem that enterprises face is vulnerability
management.
According to CERT/CC, cyber incidents and vulnerability
volume are on the rise. On average, more than 40 vulnerabilities are published
daily. As the number of vulnerabilities discovered rises, so does the probability
of attacks and the associated costs.
CA says this scenario makes it difficult for an enterprise
to accomplish timely, cost-effective vulnerability management without an accurate
inventory of its assets and technologies, and to understand the vulnerabilities
that affect these.
To address such challenges, CA is offering software
called eTrust Vulnerability Manager, which works closely with the eTrust Security
Command Center. Vulnerability Manager (VM) is a database that CA maintains,
in cooperation with all the platform vendors.
"If Sun or Microsoft, for instance, were to come
out with a vulnerability report, we would examine that, give it a rating, analyze
what the impact could be, what are the available solutions (patches etc.) and
then inform the customer through Vulnerability Manager. The VM would take this
and map the impact to their own IT infrastructure. The customer could then decide
the course of action (whether to download the patch)," said Pramotedham.
The third solution that CA is offering is Unicenter
Network Forensics. This solution can analyze network traffic for vulnerabilities,
in real-time, and across diverse network infrastructures. Forensics understands
over 7,000 networking protocols.
Brian Pereira