E-Security stops data loss

The company’s Sentinel 5.1 monitors all security events on corporate networks

When you look at e-Security’s marketing materials, the message is all about compliance. The company, recently acquired by Novell, has a product that can help organizations comply with federal regulations such as the Health Insurance Portability and Accountability Act, among others. That’s nice to know if you’re a federal manager, but not necessarily relevant, because not all federal agencies are subject to the same compliance requirements.

However, Sentinel 5.1 is a broadly based security event manager that can play a significant role in protecting against data loss, intrusion, attack or even plain old stupidity. For example, had the Department of Veterans Affairs been running Sentinel, the product could have alerted information technology managers to repeated downloads of private information as part of a pattern of abuse. And that’s just the tip of the iceberg.

Sentinel monitors all security events on a network. Those events can include router and firewall activity, server requests, log-ins, locations, times, intrusion-detection system and intrusion-prevention system outputs, and nearly any other kind of event even remotely related to the security of a network.

Many products collect events, but Sentinel provides correlation. It can alert you when a particular employee logs on at odd hours, for example, and transfers large volumes of data.
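
The kind of correlation described above, sketched as an added example: it is not Sentinel's rule syntax or e-Security's code. The event fields, business hours, time window and byte threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real log data: (timestamp, user, type, bytes)
EVENTS = [
    ("2006-06-12T09:05:00", "alice", "login", 0),
    ("2006-06-12T09:30:00", "alice", "transfer", 900_000_000),
    ("2006-06-13T02:14:00", "bob", "login", 0),
    ("2006-06-13T02:20:00", "bob", "transfer", 300_000_000),
    ("2006-06-13T02:41:00", "bob", "transfer", 400_000_000),
    ("2006-06-13T03:10:00", "carol", "login", 0),
    ("2006-06-13T03:15:00", "carol", "transfer", 2_000_000),
    ("2006-06-13T23:30:00", "dave", "login", 0),
    ("2006-06-14T01:45:00", "dave", "transfer", 800_000_000),
]

# Assumed policy values, chosen for illustration only
WORK_START, WORK_END = 7, 19        # business hours, local time
WINDOW = timedelta(hours=1)         # how long after a login transfers count
THRESHOLD = 500_000_000             # bytes per window that trigger an alert

def is_off_hours(ts):
    """Weekends and anything outside WORK_START..WORK_END are off-hours."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def correlate(events):
    """Alert when transfers within WINDOW of an off-hours login exceed THRESHOLD."""
    open_logins = {}                # user -> time of latest off-hours login
    totals = defaultdict(int)       # (user, login time) -> bytes transferred
    for raw_ts, user, kind, size in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        if kind == "login":
            if is_off_hours(ts):
                open_logins[user] = ts
            else:
                open_logins.pop(user, None)   # normal login clears the window
        elif kind == "transfer" and user in open_logins:
            start = open_logins[user]
            if ts - start <= WINDOW:
                totals[(user, start)] += size
    return [{"user": u, "login": s.isoformat(), "bytes": b}
            for (u, s), b in sorted(totals.items()) if b > THRESHOLD]

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("ALERT", alert)
```

Neither signal alone raises an alert here: a large daytime transfer, a small off-hours transfer and a transfer long after an off-hours login all pass, and only the combination inside the window is flagged.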

You can also see when Internet attacks are taking place, when a firewall notices wormlike activity or when an employee tries to access a part of the network that’s off-limits.

You can load the system with your network policies and other security rules and then look for exceptions. The list of available functions is lengthy, but one that’s worth mentioning is its ease of use.

Unlike some other security event managers, Sentinel is highly interactive. You can get a series of graphical displays that show events in real time, for example, and click anywhere on the display to drill into the data being shown. If you notice a lot of suspicious activity on a switch port, clicking on the display showing that traffic will let you know everything about the traffic and its potential for harm.

Sentinel’s iScale correlation engine is the powerhouse for making sense of potentially millions of events. The engine looks for patterns in events and uses those patterns to alert managers to risks.

Sentinel’s interactive interface makes management easy, even for someone with little training. A click on a graphical element shows the numbers or events behind the element. Reports are easy to design, and users can establish them to show whatever information a manager is likely to want. The product can support nearly anything that can be monitored, although in a few cases e-Security engineers will have to custom-build a data interface.

The product is also easy to implement. Sentinel was operating in just a few minutes in the Federal Computer Week lab. However, implementing your security and management policies can be complex and may require some time with company engineers. On the other hand, e-Security can work with nearly any type of resource, from mainframes to routers. Testing included gathering devices never before used with e-Security, only to find that the process of monitoring them was surprisingly easy.

Although Sentinel does have a big role to play in the compliance space, it has an even bigger role in tracking the security on your network and providing a detailed, auditable listing of events, both in real time and over long periods. Once it’s operating, you’re unlikely to have your security policy violated without your knowledge.

General Services Administration pricing starts at about $80,000, plus maintenance and a per-device fee.

Rash is a freelance journalist based in Washington, D.C., who has been covering technology since the late 1970s. He can be reached at wayne@rash.org.

Guard duty

E-Security’s Sentinel 5.1 includes standard security information management capabilities such as event correlation. It also enables security managers to respond appropriately to incidents.

Key features include:

  • iTrac — Automates and enforces incident identification and resolution processes.
  • Active views — Detects and analyzes threats and policy violations via real-time visualization and analytical tools.
  • iScale Architecture — Combines the speed of in-memory processing and the power of distributed computing to rapidly capture and correlate events.
  • Correlation — Enables managers to set up rules that look for patterns of activity throughout multiple, disparate data sources.

Source: E-Security
