New security wares
- By Rutrell Yasin
- Oct 19, 2004
Information security managers at agencies and businesses have more options for protecting the organizations from cyberattacks and insider threats thanks to new wares from several security information management vendors.
Agency officials also can collect more comprehensive security data from a variety of sources as well as ensure that systems are compliant with various legislation and government regulations such as the Federal Information Security Management Act (FISMA).
Officials at Addamark Technologies Inc. are delving deeper into the security information management arena with a revamped product and a new name, SenSage Inc. The new version of the company's product, SenSage 3.0, includes a real-time correlation and alerting engine, sophisticated multi-user support, an enhanced user interface, and extensive reporting functions. In addition, the software ensures compliance with corporate policies and government regulations.
Before refocusing, SenSage served as a repository for forensic analysis instead of gathering data in real-time like most security information management products, said Jim Pflaging, the company's chief executive officer.
Pflaging said SenSage officials are geared toward finding the needle in the haystack. For instance, someone within an agency who has valid access might be performing suspicious activities, or the systems administrator with privileges to many systems might create bogus accounts.
SenSage collects log information from a wide variety of sources including firewalls, core systems, services, and even applications looking for patterns and anomalies, Pflaging said. "SenSage makes sense of information and does it intelligently," he said.
nFX Open Security
Meanwhile, officials at netForensics Inc. have released the nFX Open Security Platform, which supports the nFX framework, to help agency officials quickly identify and prioritize security issues to reduce threats and risks.
Enhancements to the platform include greater fault-tolerance capability, custom agent software development and policy compliance integration. New advanced threat visualization and analytics capabilities combine visual tools with reporting and analytics so a security team can identify threats faster. Company officials also updated their knowledgebase advisory service to provide security professionals with instant access to crucial vulnerability data.
Network and security operations are merging and, as a result, security information management products must appeal to a broader range of users, said Patrick Guay, a vice president of netForensics. To that end, "we [had to] make the product intuitive without compromising high-level functions," he said.
To help agency officials address regulatory compliance issues, officials at ArcSight Inc. recently released a version of the ArcSight software that enhances the company's Asset Based Security system, which provides a technical and business profile of critical systems and business processes. Users can now see unique compliance-related views of security activity for acts such as Health Insurance Portability and Accountability, FISMA and Sarbanes-Oxley. For instance, if a system that processes financial transactions is under attack, officials in the security and finance departments will know immediately that there are potential Sarbanes-Oxley implications, ArcSight officials said.