Security gets nFX attention

As a concept, security information management (SIM) has proven to be a great way to push the development of security solutions. But now users want to know just how much real value those solutions can deliver, something that netForensics says drove development of its latest product.

The company's nFX Open Security Platform puts the focus squarely on goals such as better compliance reporting, using correlation technology to improve risk evaluations, and getting better performance and efficiencies out of a SIM infrastructure.

"One of the questions [chief information officers] are asking now is, 'How secure are we today?' -- the kind of request for quantitative data that was impossible to meet in the past," said Eddie Schwartz, netForensics’ senior architect. "But the industry is being pushed closer to enabling security [service-level agreements], so now it's definitely about being able to measure threats."

For government agencies, the biggest demand is for tools that can ensure compliance with regulations such as the Federal Information Security Management Act (FISMA), which mandates yearly security audits, Schwartz said.

That naturally leads to other needs, such as knowing which computing and network assets are vulnerable to which threats.

The nFX Open Security Platform produces reports for operational-level users and agency executives that address the particulars of regulations such as FISMA, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act. It also shows trends over time that indicate how well initiatives to counter threats have performed.

It also allows administrators to group assets that are subject to particular regulations and produce reports that highlight the vulnerabilities of each asset in the group and the group as a whole.

Administrators can fine-tune their use of netForensics’ product and conduct capacity planning through a new dashboard feature. Schwartz expects that this and other correlation features will prove the biggest draws for users.

"Customers tell us they want to see real-time comparisons between vulnerabilities and threats as well as a greater degree of integration with other systems,” such as Hewlett-Packard’s OpenView, he said. "The trend now is [toward] continuous monitoring and real-time assessment of vulnerabilities."

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected