http://www.eweek.com/article2/0,3959,570296,00.asp

By Dennis Fisher
October 1, 2002

NEW YORK -- Symantec Corp. on Tuesday unveiled a sweeping new security
architecture as well as a new set of technologies designed to
correlate and filter data gleaned from dozens of sources, including
competitors' products. It's a move that analysts say was a must for
Symantec as the company continues to evolve.

"This was absolutely necessary for them," said Chris Christiansen, an
analyst with IDC in Framingham, Mass. "With security purchases being
driven by ROI and [total cost of ownership], they had to do this."

Symantec, based in Cupertino, Calif., made the announcements at its
Vision360 security conference here.

The Symantec Security Management System comprises three components:
Event Managers, Incident Manager and Symantec ESM. Together, they are
designed to simplify the administration and management of security
components of complex networks.

Event Managers are simply agents that collect data from anti-virus
software and firewalls. The company currently can pull information
from Network Associates Inc. and Check Point Software Technologies
Ltd. products, as well as its own solutions. Event Managers for a
broader range of products, including those from Entercept Security
Technologies Inc. and TippingPoint Technologies Inc. will come later
this year.

Incident Manager is a system for managing the life cycle of a security
incident, from its inception to reaction through remediation. Security
managers can set priorities for their networks and the software will
adjust its alerts and reports accordingly.

Based on a set of guidelines developed by SANS and the CERT
Coordination Center at Carnegie Mellon University in Pittsburgh,
Incident Manager recommends actions for each incident. The software
also issues alerts and notifications throughout the course of an
incident's life, updating security personnel on the problem's status
and proposed resolution.

Symantec ESM, a policy-compliance and vulnerability-assessment tool,
can be integrated with Incident Manager. On its own, ESM is designed
to enable security managers to develop policies and procedures to help
manage security network-wide.

Users said Symantec's announcements are a good first step toward a
broader interoperability movement in security.

"We think there's a strong need for industry standards in the security
industry. We need to reduce the amount of complexity," said Don
Haille, president of Fidelity Investments Systems Co., based in
Boston. "The hackers know where the data is and the road to that data
is through your applications."

The new strategy was born out of a belief that the network perimeter
is a thing of the past, Symantec executives said. "The perimeter is
pretty porous and in fact may not be definable," said John Schwarz,
president and COO of Symantec.

Symantec's Security Management System is the first set of technologies
to come out of the company's much talked-about Symantec Enterprise
Security Architecture, a standards-based framework designed to make it
easier for the company's products to work with third-party solutions.

Other vendors, most notably Computer Associates International Inc.,
and Network Associates, already have the capability to manage some
third-party products, a fact that Christiansen said makes Symantec's
announcement a necessity for the company. Symantec recently made three
major acquisitions, and is still in the process of integrating the
technologies it acquired from Recourse Technologies Inc., Riptech Inc.
and Security Focus into its own product line.

Add the fact that the homogeneous network environment is virtually a
thing of the past, and you have a compelling set of drivers for
Symantec's announcements.

"They've been seriously talking about this for at least two years and
thinking about it for maybe four," Christansen said. "In today's
heterogeneous environments, they needed to do this."

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]