[ISN] Symantec Revamps Security Architecture

From: InfoSec News (isnat_private)
Date: Wed Oct 02 2002 - 01:50:23 PDT

  • Next message: InfoSec News: "[ISN] Opinion: Secure software? Don't hold your breath"

    By Dennis Fisher 
    October 1, 2002 
    NEW YORK -- Symantec Corp. on Tuesday unveiled a sweeping new security
    architecture as well as a new set of technologies designed to
    correlate and filter data gleaned from dozens of sources, including
    competitors' products. It's a move that analysts say was a must for
    Symantec as the company continues to evolve.
    "This was absolutely necessary for them," said Chris Christiansen, an
    analyst with IDC in Framingham, Mass. "With security purchases being
    driven by ROI and [total cost of ownership], they had to do this."
    Symantec, based in Cupertino, Calif., made the announcements at its
    Vision360 security conference here.
    The Symantec Security Management System comprises three components:  
    Event Managers, Incident Manager and Symantec ESM. Together, they are
    designed to simplify the administration and management of security
    components of complex networks.
    Event Managers are simply agents that collect data from anti-virus
    software and firewalls. The company currently can pull information
    from Network Associates Inc. and Check Point Software Technologies
    Ltd. products, as well as its own solutions. Event Managers for a
    broader range of products, including those from Entercept Security
    Technologies Inc. and TippingPoint Technologies Inc. will come later
    this year.
    Incident Manager is a system for managing the life cycle of a security
    incident, from its inception to reaction through remediation. Security
    managers can set priorities for their networks and the software will
    adjust its alerts and reports accordingly.
    Based on a set of guidelines developed by SANS and the CERT
    Coordination Center at Carnegie Mellon University in Pittsburgh,
    Incident Manager recommends actions for each incident. The software
    also issues alerts and notifications throughout the course of an
    incident's life, updating security personnel on the problem's status
    and proposed resolution.
    Symantec ESM, a policy-compliance and vulnerability-assessment tool,
    can be integrated with Incident Manager. On its own, ESM is designed
    to enable security managers to develop policies and procedures to help
    manage security network-wide.
    Users said Symantec's announcements are a good first step toward a
    broader interoperability movement in security.
    "We think there's a strong need for industry standards in the security
    industry. We need to reduce the amount of complexity," said Don
    Haille, president of Fidelity Investments Systems Co., based in
    Boston. "The hackers know where the data is and the road to that data
    is through your applications."
    The new strategy was born out of a belief that the network perimeter
    is a thing of the past, Symantec executives said. "The perimeter is
    pretty porous and in fact may not be definable," said John Schwarz,
    president and COO of Symantec.
    Symantec's Security Management System is the first set of technologies
    to come out of the company's much talked-about Symantec Enterprise
    Security Architecture, a standards-based framework designed to make it
    easier for the company's products to work with third-party solutions.
    Other vendors, most notably Computer Associates International Inc.,
    and Network Associates, already have the capability to manage some
    third-party products, a fact that Christiansen said makes Symantec's
    announcement a necessity for the company. Symantec recently made three
    major acquisitions, and is still in the process of integrating the
    technologies it acquired from Recourse Technologies Inc., Riptech Inc.  
    and Security Focus into its own product line.
    Add the fact that the homogeneous network environment is virtually a
    thing of the past, and you have a compelling set of drivers for
    Symantec's announcements.
    "They've been seriously talking about this for at least two years and
    thinking about it for maybe four," Christansen said. "In today's
    heterogeneous environments, they needed to do this."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 03:43:46 PDT