Security gets nFX attention
- By Brian Robinson
- Jun 14, 2005
As a concept, security information management (SIM) has proven to be a great way to push the development of security solutions. But now users want to know just how much real value those solutions can deliver, something that netForensics says drove development of its latest product.
The company's nFX Open Security Platform puts the focus squarely on goals such as better compliance reporting, using correlation technology to improve risk evaluations, and getting better performance and efficiencies out of a SIM infrastructure.
"One of the questions [chief information officers] are asking now is, 'How secure are we today?' -- the kind of request for quantitative data that was impossible to meet in the past," said Eddie Schwartz, netForensics’ senior architect. "But the industry is being pushed closer to enabling security [service-level agreements], so now it's definitely about being able to measure threats."
For government agencies, the biggest demand is for tools that can ensure compliance with regulations such as the Federal Information Security Management Act (FISMA), which mandates yearly security audits, Schwartz said.
That naturally leads to other needs, such as knowing which computing and network assets are vulnerable to which threats.
The nFX Open Security Platform produces reports for operational-level users and agency executives that address the particulars of regulations such as FISMA, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act. It also shows trends over time that indicate how well initiatives to counter threats have performed.
It also allows administrators to group assets that are subject to particular regulations and produce reports that highlight the vulnerabilities of each asset in the group and the group as a whole.
Administrators can fine-tune their use of netForensics’ product and conduct capacity planning through a new dashboard feature. Schwartz expects that this and other correlation features will prove the biggest draws for users.
"Customers tell us they want to see real-time comparisons between vulnerabilities and threats as well as a greater degree of integration with other systems,” such as Hewlett-Packard’s OpenView, he said. "The trend now is [toward] continuous monitoring and real-time assessment of vulnerabilities."
Brian Robinson is a freelance writer based in Portland, Ore.