In addition, the company’s Tivoli Security Compliance Manager automates software vulnerability scans on networks and compares the results of those scans to network security policies. Information collected from those products is then displayed, along with data from other network devices, on the Tivoli Enterprise Console.
Similarly, CA has been focusing development attention on its eTrust Security Command Center, which aggregates and correlates security data from other eTrust components, such as the eTrust Vulnerability Manager, or with third-party security products. The Command Center communicates directly with CA’s Unicenter system management software, passing alerts and status information back and forth to an organization’s network operations team, says Toby Weiss, CA’s senior vice president of product management.
Due at the end of October, the new version of the Command Center will extend the reach of eTrust. It will add tighter integration with eTrust Network Forensics -- a CA product that allows organizations to capture all their network traffic for forensic analysis -- and eTrust 20/20, a product that integrates physical and IT security systems to correlate anomalous behavior.
The increasing interest in integrated SEM among security vendors of all sizes is just one symptom of a larger movement to combine a number of distinct but closely related security technologies -- such as patch management, vulnerability management, and incident management -- that have gained wide adoption in the enterprise in recent years.
The drive for greater integration also stems from a range of new federal and state regulations covering data integrity and privacy, such as Sarbanes-Oxley and California’s SB1386. “You have a number of regulations that have emerged that say, ‘You have to be looking for bad things in your environment, and when you notice them, you have to tell us about them and implement best practices,’ ” says John Summers, global director for managed security services at Unisys.
What’s needed is a fusion between SEM or SIM products and data on asset criticality -- coupled with integrated functions such as identity and access management, user provisioning, change and configuration management, and software patch management.
Click for larger view.
Such a system could allow intelligence about a new security vulnerability that accompanies a software patch to be automatically linked to network policy management systems and be tested against existing ACLs (access control lists) used by firewalls and routers to thwart attacks, Morgan Stanley’s Braunstein says. “Then all that information is logged, and you can do something intelligent with the logs. That’s the real Holy Grail: a fully automated security lifecycle,” he says.
Taking the long view