Corralling Security Data

Jaikumar Vijayan   Today’s Top Stories   or  Other Security Stories  

The Secure Web Gateway. Mission Critical For Business Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management Security Trends Overview: Targeted Phishing Attack 2008 Internet Malware Trends Report An Overview of PAN Manager by Egenera Computerworld Report- Large Enterprises Pay More for IPAM An Apple for Your Enterprise? Six Questions To Ask About Information And Competition Sign up to receive Security Resource Alerts

August 18, 2003 (Computerworld) -- Like many companies, Online Resources Corp. has deployed host- and network-based intrusion-detection systems (IDS), firewalls and antivirus tools on its networks. But until it installed a security event management suite, the company had a hard time dealing with the deluge of data pouring in from its various security systems. Not only was the incoming data voluminous and highly unreliable, but the IT staff also had to collect it from each system and then manually correlate it.
The Security Information Management suite from Edison, N.J.-based NetForensics Inc. has changed that by automating Online Resources' process of gathering, consolidating, correlating and prioritizing that data, says Hugh McArthur, information security officer at the Reston, Va.-based online bill processor. "It has given us a single place where we can go to get the information we need," he says.
Many companies are turning to centralized security event management tools to help them make sense of crucial security information, analysts say. The ever-increasing number of security appliances around the network perimeter has created a stream of data that needs to be analyzed and correlated, says Michael Engle, vice president of information security at Lehman Brothers Holdings Inc. in New York.
New and proposed regulations that will require companies to constantly monitor their networks for security incidents are also increasing interest in these tools, says Michael Rasmussen, an analyst at Forrester Research Inc. in Cambridge, Mass. "There is a tremendous driver in the security standards and legislation area. The reason why people are buying [such technology] is a direct result of this," he says.
Volume Control
IDSs, firewalls and antivirus software, as well as operating systems and applications software, can detect and report an enormous number of security events daily, say users and analysts.
For instance, the security incident management system at Lehman gathers and analyzes information about more than 1 million events from 15 different systems daily, according to Engle. This includes data from IDSs and authentication systems, a telephony password reset system and an anomaly-detection system, as well as logs from Lehman's main e-commerce, Windows and Unix systems.
By year's end, the firm hopes to have a new system in place that will help it gather and analyze more than 80 million daily events, including consolidated firewall log data.
Sifting through this volume of data without some sort of consolidation and correlation technology is nearly impossible, thereby making the data worthless, says Pete White, a security architect at Houston-based M.D. Anderson Cancer Center, whose own firewalls generate between 15 and 30 alerts every second. Security event management software helps "separate the wheat from the chaff," he says.
Event management software can help cut through the noise,

Continued...
1 | 2 | 3 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Sidebar: Sorting Through the Products Corralling Security Data

Sidebar: Security Event Management Tools

"Some Asian airlines are reporting rising losses to inflight credit card fraud because there is typically no online credit-card authorization..." Read more... Read more Security posts or See all Blogs

BlackBerry Storm sales should be strong, Verizon says Microsoft to launch IE8 in '09; RC due out in Q1 Google shutters its Lively virtual world More top stories...

Review: BlackBerry's Storm is awkward and disappointing Microsoft dissed Intel's 915 chip set before making 'Vista Capable' changes NASA sniffs out trouble with electronic nose on space station

2008 Salary Survey: IT pay takes tiny leaps If you're like our 7,000 survey respondents, your paycheck this year has been flattened and your bonus obliterated. We offer 12 ways to plump up your paycheck. Windows 7 in-depth review and video: This time Microsoft gets it right Microsoft's next OS might more accurately be called Windows 6.5: It's essentially a better version of Vista. Twitter for business: 5 ways to tap the power of the tweet Twitter can be a valuable business tool -- if you know what you're doing. Here's how to juice it for all it's worth. Microsoft's 'Vista Capable' changes outraged HP, insider e-mails show By helping Intel with loosened 'Vista Capable' requirements, Microsoft 'severely damaged' its credibility, said an HP exec in a newly unsealed Feb. 2006 e-mail. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Security Trends Overview: Targeted Phishing Attack Enterprise Findability Without the Complexity Wireless LAN Virtualization: Twice the Network at Half the Cost View more whitepapers

• Sidebar: Sorting Through the Products
• Sidebar: Security Event Management Tools
• Corralling Security Data

• BlackBerry Storm sales should be strong, Verizon says
• Review: BlackBerry's Storm is awkward and disappointing
• Microsoft to launch IE8 in '09; RC due out in Q1
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Steven J. Vaughan-Nichols: 64-Bit Linux Adobe Flash Player: Surprisingly good When Adobe decided it was time to provide a 64-bit Flash Player, they released it on Linux and Solaris. Wow. [more]