Now that security is a high priority for most companies, businesses are finding themselves overwhelmed with security-related data. However, one new tool can help an enterprise make sense of its reams of daily reports.
A director of information technology at a major health care provider, who requested anonymity, said that security-related events are a drain on his staffing resources. He is often forced to allocate as many as 10 or 15 people to do nothing but look at logs until a problem is identified.
His company is now using Network Security Manager, a product from Intellitactics Inc., a Bethesda, Md., security vendor. Intellitactics is one of a number of companies, including NetForensics Inc., that provide security management tools. These tools help companies use existing security data more efficiently, said Mark Nicolett, research director with the Stamford, Conn., research firm, Gartner Inc.
"There is too much data; companies need something that can categorize the threats and prioritize them, evaluate the data to present the events that are the most critical," Nicolett said.
Intellitactics' product aggregates data from any security-related application that can generate a report. It also has a graphical user interface that helps security professionals better understand security events, said Paul Sop, CTO and cofounder of Intellitactics.
That user interface has been useful for the health care company. Its IT director said that with this system, he can click on an event and trace it back to its source. Instead of spending several hours tracking down a single event, he said, his employees can now look at dozens or even hundreds of events in the same amount of time.
The tool can also help identify intrusions from the inside that may not be as easy to identify with other tools. For example, if someone accesses certain files for the first time, or if someone from one department suddenly accesses files owned by another department, that activity can be noted, Sop said.
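The two checks Sop describes can be sketched in a few lines. This is an added example, not Intellitactics code; the log format, field names and the learning-period cutoff are assumptions made for illustration.

```python
import csv
import io

# Constructed sample records: timestamp,user,user_dept,file,owner_dept
SAMPLE_LOG = """\
2002-03-01T09:00,alice,billing,/billing/q1.xls,billing
2002-03-01T09:05,bob,radiology,/radiology/scans.idx,radiology
2002-03-02T10:00,alice,billing,/billing/q1.xls,billing
2002-03-04T08:30,alice,billing,/billing/q1.xls,billing
2002-03-04T08:45,alice,billing,/billing/q2.xls,billing
2002-03-04T23:10,bob,radiology,/billing/q1.xls,billing
2002-03-05T23:12,bob,radiology,/billing/q1.xls,billing
"""

def find_unusual_access(log_text, learn_until):
    """Flag accesses that are new for the user or new for the department pair.

    Events before `learn_until` only build the baseline. Later events are
    reported when the user has never opened the file before, or when the
    user's department has never touched files owned by that other department.
    """
    seen_user_file = set()   # (user, file) pairs observed so far
    seen_dept_pair = set()   # (user_dept, owner_dept) pairs observed so far
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the log
        ts, user, user_dept, path, owner_dept = row
        reasons = []
        if (user, path) not in seen_user_file:
            reasons.append("first_access")
        if user_dept != owner_dept and (user_dept, owner_dept) not in seen_dept_pair:
            reasons.append("cross_department")
        seen_user_file.add((user, path))
        seen_dept_pair.add((user_dept, owner_dept))
        # Fixed-format ISO-8601 timestamps compare correctly as strings.
        if ts >= learn_until and reasons:
            alerts.append((ts, user, path, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_unusual_access(SAMPLE_LOG, "2002-03-04"):
        print(alert)
```

Repeat accesses are not reported again, which is what keeps the alert volume low enough for a person to review.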
Deploying Network Security Manager is not simple. The IT director with the health care provider said that he divided his systems into two categories: the critical zone and the rest of the network. The critical phase of deployment took one month; the second phase took two months. Deployment also requires detailed knowledge of the network and the security tools already on the network.
Many companies, including network-monitoring vendors such as Computer Associates International Inc. and security vendors such as Symantec and others, are developing products that provide similar aggregated views, Nicolett said.