Symantec tool streamlines security
The network-security software maker joins companies such as Nortel and Cisco and releases a package designed to group standalone tools into an integrated system.
Called the Symantec Security Management System, the package integrates standalone security products into a more-streamlined setup that can be centrally maintained.
With the release, Symantec becomes the latest security company to take the streamlining approach. Corporate clients have been looking for ways to reduce the amount of time system administrators need to patch computers and respond to new viruses and worms.
"Customers have told us that the network perimeter is disappearing, their security risks are rising, internal staff resources are slim and regulatory pressures are high," Symantec CEO John W. Thompson said in a statement.
Last week, Nortel Networks revealed that it would link its products together into an integrated network-security platform. Cisco Systems, Check Point Software and IBM made similar announcements later in the week.
Standalone network-protection products, such as intrusion-detection systems and firewalls, flag any unusual network behavior as a security "event." But the products receive an overwhelming amount of such data, some innocuous and some serious. If a worker accidentally types in the wrong Web address, that registers as an event, and an outside scan of the network by an attacker looking for a way in can create hundreds or thousands of events.
Enabling these standalone products to communicate helps cut through the mass of information and sort the true threats from the false alarms. And in fact, products that can't be centrally managed may not actually be doing much to help security, according to John Pescatore, research director for Internet security at Gartner.
Three elements
The Symantec Security Management System brings together three components: the Event Manager; the Incident Manager; and the Enterprise Security Manager (ESM), software for measuring how well companies comply with their own security policy.
The Event Manager consolidates data from Symantec's antivirus and firewall products, as well as other companies' products, and provides a mile-high view of what the network-security systems are encountering.
The Incident Manager looks at the events on the company's internal network as reported by a variety of products and correlates related events into "incidents," or potentially serious threats. Companies can track possible security breaches as well as their response to the breaches.
The Incident Manager also provides guidance to system administrators based on information from the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University and the SANS (SysAdmin, Audit, Network, Security) Institute, a security research and education organization made up of government, corporate and academic experts.
Finally, the ESM identifies instances in which employees and computers are not complying with a company's security policy. The ESM tracks each case until it is resolved, allowing for high-level oversight of a company's security.
Symantec also announced a bevy of partners that will be supporting its new system. Top accounting firms, including Deloitte & Touche, Ernst & Young and PricewaterhouseCoopers, will add the system to the security solutions they may recommend to clients. Product partners include IBM, Qualys, Arbor Networks, Netegrity, RSA Security, Sun Microsystems and Tipping Point.
But although Symantec and others have embraced the streamlining approach, some companies argue that the new integrated systems themselves require management by an expert third party.
"When you buy a piece of security technology, you don't get any guarantees or warranties," said Maria Cirino, CEO of managed security service provider Guardent.
Companies such as Guardent compete in many ways with firms like Symantec that provide do-it-yourself solutions. But in other cases they compliment each other, with one company providing the network hardware and software and the other managing the whole shebang.
With 15 of the Fortune 50 using her company's services, Guardent's Cirino argues that simplifying systems is a good first step, but that properly managed security should be the goal.
"Maybe its time we don't build another mote," Cirino said, "that we don't throw another technology at the problem."