Centralised security management
5th January 2003 (Business Computing)
By Matthew Mok

In the last 12 months, the security industry has seen a new form of threat become more prevalent.

Coined the blended threat, it essentially combines hacking, denial of service attacks, and virus-like propagation. It often spreads without human interaction and rapidly compromises millions of machines globally.

Code Red, Nimda, and Klez are such complex threats, and have caused great financial havoc. For instance, Code Red had a worldwide economic impact of US$2.6 billion (RM 9.88 million), while Nimda, which affected 2.2 million systems in just 24 hours, caused a whopping US$530 million in losses.

Meanwhile, 44 per cent of enterprises worldwide have quantified their financial losses due to security breaches at US$4.55 billion, states the 2002 CSI/FBI Computer Crime and Security Survey.

These threats, together with others like malicious code and hacking, are making the management of enterprise security an even more challenging task.

The pressure is intensified by the fact that most enterprises today have invested heavily in disparate security solutions like anti-virus, firewalls, vulnerability management, and intrusion detection systems, which often lack integration and interoperability.

As a result, enterprises face increased operational costs while relying on isolated security data to make critical security decisions.

Making it more difficult, security products throughout the enterprise scan systems and network traffic, and send a message on every suspicious activity. Each message is termed a security event, and nearly 10 million occur each month in an organisation of moderate size.

And when incidents (events that require a response) like active attacks, virus outbreaks, and policy violations occur, the ensuing challenge is to sort through the millions of events to find the incidents in time to take action.

Recognising such problems and the need for an integrated protection system, Symantec Corporation has introduced its Symantec Security Management System.

A comprehensive set of applications that is claimed to alleviate the difficulty of managing and administering individual security products, the solution delivers proactive control of the infrastructure and correlated information for better decision-making.

Symantec Asia-Pacific's regional product manager Andy Norton says in a telephone interview that enterprises should consider such a centralised security management solution to manage the different vendors' solutions in their infrastructure, which all have their own control consoles and need to be updated constantly.

"These disparate solutions pose a big administrative burden to enterprises, and they require a great deal of resources to actually keep the security infrastructure running smoothly," he says.

According to Norton, Symantec Security Management System consists of a middleware layer that collates data from Symantec and other vendors' security products into one single view for a clear analysis of real-time information.

In addition, it is able to re-correlate events for further fine-tuning and follow-up actions, and provides a policy compliance feature to minimise the risk to organisations from newly developing threats.
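The collate-then-correlate flow Norton describes, written as an added Python example (not Symantec's code): three constructed vendor event formats are normalised onto one schema, and a host is promoted from "events" to an "incident" only when several products report on it within a short window. The product names, log formats, five-minute window and two-product threshold are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in three different vendor formats (not real product output).
FIREWALL_LOG = [
    "2003-01-05 09:00:01 DENY src=10.0.0.5 dst=192.168.1.10 dport=80",
    "2003-01-05 09:00:04 ALLOW src=10.0.0.5 dst=192.168.1.10 dport=80",
    "2003-01-05 09:01:10 DENY src=10.0.0.9 dst=192.168.1.22 dport=445",  # lone event: noise
]
IDS_ALERTS = [
    {"ts": "2003-01-05T09:00:05", "sig": "IIS exploit attempt", "dst": "192.168.1.10"},
]
AV_EVENTS = [
    ("192.168.1.10", "2003-01-05 09:00:30", "W32.Nimda.A@mm", "quarantined"),
]


def normalise():
    """Map every vendor format onto one schema: (time, product, host, detail)."""
    events = []
    for line in FIREWALL_LOG:
        date, clock, action, *kv = line.split()
        fields = dict(pair.split("=") for pair in kv)
        events.append((datetime.fromisoformat(f"{date} {clock}"), "firewall", fields["dst"],
                       f"{action} from {fields['src']} to port {fields['dport']}"))
    for alert in IDS_ALERTS:
        events.append((datetime.fromisoformat(alert["ts"]), "ids", alert["dst"], alert["sig"]))
    for host, ts, name, action in AV_EVENTS:
        events.append((datetime.fromisoformat(ts), "antivirus", host, f"{name} {action}"))
    return sorted(events)  # single time-ordered view across all products


def correlate(events, window=timedelta(minutes=5), min_products=2):
    """Promote a host to an incident when at least `min_products` distinct products
    report on it within `window`; anything reported by one product alone stays an event."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[2]].append(ev)
    incidents = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e[0] - first[0] <= window]
            products = sorted({e[1] for e in cluster})
            if len(products) >= min_products:
                incidents.append({"host": host, "start": first[0], "products": products,
                                  "details": [e[3] for e in cluster]})
                break  # one incident per host in this toy; real systems track it as it evolves
    return incidents
```

Running `correlate(normalise())` yields a single incident for 192.168.1.10 backed by all three products, while the lone firewall denial for 192.168.1.22 remains an uncorrelated event.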

There are three key components under Symantec Security Management System: Event Manager for a complete view of firewall and anti-virus events; Incident Manager for open, real-time incident management; and Symantec ESM for policy compliance and vulnerability management.

Users can purchase and deploy all of the components or only selected modules. Norton, however, is not able to detail the pricing for the solution, as the licensing charges are scalable, based on per-node pricing, the type of functionality, and the number of clients and servers.