http://www.eweek.com/article2/0,3959,570296,00.asp

By Dennis Fisher
October 1, 2002

NEW YORK -- Symantec Corp. on Tuesday unveiled a sweeping new security architecture as well as a new set of technologies designed to correlate and filter data gleaned from dozens of sources, including competitors' products.

It's a move that analysts say was a must for Symantec as the company continues to evolve.

"This was absolutely necessary for them," said Chris Christiansen, an analyst with IDC in Framingham, Mass. "With security purchases being driven by ROI and [total cost of ownership], they had to do this."

Symantec, based in Cupertino, Calif., made the announcements at its Vision360 security conference here.

The Symantec Security Management System comprises three components: Event Managers, Incident Manager and Symantec ESM. Together, they are designed to simplify the administration and management of security components of complex networks.

Event Managers are simply agents that collect data from anti-virus software and firewalls. The company currently can pull information from Network Associates Inc. and Check Point Software Technologies Ltd. products, as well as its own solutions. Event Managers for a broader range of products, including those from Entercept Security Technologies Inc. and TippingPoint Technologies Inc., will come later this year.

Incident Manager is a system for managing the life cycle of a security incident, from its inception to reaction through remediation. Security managers can set priorities for their networks and the software will adjust its alerts and reports accordingly.

Based on a set of guidelines developed by SANS and the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, Incident Manager recommends actions for each incident. The software also issues alerts and notifications throughout the course of an incident's life, updating security personnel on the problem's status and proposed resolution.
Symantec ESM, a policy-compliance and vulnerability-assessment tool, can be integrated with Incident Manager. On its own, ESM is designed to enable security managers to develop policies and procedures to help manage security network-wide.

Users said Symantec's announcements are a good first step toward a broader interoperability movement in security.

"We think there's a strong need for industry standards in the security industry. We need to reduce the amount of complexity," said Don Haille, president of Fidelity Investments Systems Co., based in Boston. "The hackers know where the data is and the road to that data is through your applications."

The new strategy was born out of a belief that the network perimeter is a thing of the past, Symantec executives said.

"The perimeter is pretty porous and in fact may not be definable," said John Schwarz, president and COO of Symantec.

Symantec's Security Management System is the first set of technologies to come out of the company's much talked-about Symantec Enterprise Security Architecture, a standards-based framework designed to make it easier for the company's products to work with third-party solutions.

Other vendors, most notably Computer Associates International Inc. and Network Associates, already have the capability to manage some third-party products, a fact that Christiansen said makes Symantec's announcement a necessity for the company.

Symantec recently made three major acquisitions, and is still in the process of integrating the technologies it acquired from Recourse Technologies Inc., Riptech Inc. and Security Focus into its own product line. Add the fact that the homogeneous network environment is virtually a thing of the past, and you have a compelling set of drivers for Symantec's announcements.

"They've been seriously talking about this for at least two years and thinking about it for maybe four," Christiansen said. "In today's heterogeneous environments, they needed to do this."