E-Security stops data loss

The company’s Sentinel 5.1 monitors all security events on corporate networks

When you look at e-Security’s marketing materials, their message is all about compliance. The company, recently acquired by Novell, has a product that can help organizations comply with federal regulations such as the Health Insurance Portability and Accountability Act, among others. That’s nice to know if you’re a federal manager, but not necessarily relevant, because not all federal agencies are subject to the same compliance requirements.

However, Sentinel 5.1 is a broadly based security event manager that can play a significant role in protecting against data loss, intrusion, attack or even plain old stupidity. For example, had the Department of Veterans Affairs been running Sentinel, the product could have alerted information technology managers to repeated downloads of private information as part of a pattern of abuse. And that’s just the tip of the iceberg.

Sentinel monitors all security events on a network. Those events can include router and firewall activity, server requests, log-ins, locations, times, intrusion-detection system and intrusion-prevention system outputs, and nearly any other kind of event even remotely related to the security of a network.

Many products collect events, but Sentinel provides correlation. It can alert you when a particular employee logs on at odd hours, for example, and transfers large volumes of data.
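The kind of correlation described above, sketched as an added example; it is not Sentinel's rule language or e-Security code. The event fields, business hours, one-hour window, byte threshold and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs):
# (ISO timestamp, source, user, event type, bytes moved)
EVENTS = [
    ("2006-06-05T09:12:00", "vpn",      "asmith", "login",    0),
    ("2006-06-05T09:40:00", "fileserv", "asmith", "transfer", 40_000_000),
    ("2006-06-06T02:17:00", "vpn",      "bjones", "login",    0),
    ("2006-06-06T02:25:00", "fileserv", "bjones", "transfer", 900_000_000),
    ("2006-06-06T02:41:00", "fileserv", "bjones", "transfer", 1_400_000_000),
    ("2006-06-06T03:05:00", "vpn",      "cwu",    "login",    0),
    ("2006-06-06T03:20:00", "fileserv", "cwu",    "transfer", 5_000_000),
    ("2006-06-06T14:00:00", "fileserv", "dlee",   "transfer", 3_000_000_000),
]

WORK_START, WORK_END = 7, 19     # assumed business hours, local time
WINDOW = timedelta(hours=1)      # assumed correlation window after a login
THRESHOLD = 1_000_000_000        # assumed byte limit within the window


def correlate(events, threshold=THRESHOLD, window=WINDOW):
    """Alert on users who log in off-hours and then move more than
    `threshold` bytes within `window` of that login."""
    alerts = []
    tracked = {}                 # user -> [login time, bytes so far, alerted]
    for ts, _source, user, kind, size in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "login":
            if WORK_START <= when.hour < WORK_END:
                tracked.pop(user, None)      # daytime login ends tracking
            else:
                tracked[user] = [when, 0, False]
        elif kind == "transfer" and user in tracked:
            state = tracked[user]
            if when - state[0] > window:     # too late to tie to the login
                del tracked[user]
                continue
            state[1] += size                 # volume is summed across events
            if state[1] > threshold and not state[2]:
                state[2] = True              # one alert per login
                alerts.append((user, state[0].isoformat(), state[1]))
    return alerts


if __name__ == "__main__":
    for user, login, total in correlate(EVENTS):
        print(f"ALERT {user}: off-hours login {login}, {total} bytes in window")
```

Neither signal fires alone: the off-hours log-in with a small transfer and the large daytime transfer both pass, and the alert comes only when two sources agree about the same user.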

You can also see when Internet attacks are taking place, when a firewall notices wormlike activity or when an employee tries to access a part of the network that’s off-limits.

You can load the system with your network policies and other security rules and then look for exceptions. The list of available functions is lengthy, but one that’s worth mentioning is its ease of use.

Unlike some other security event managers, Sentinel is highly interactive. You can get a series of graphical displays that show events in real time, for example, and click anywhere on the display to drill into the data being shown. If you notice a lot of suspicious activity on a switch port, clicking on the display showing that traffic will let you know everything about the traffic and its potential for harm.

Sentinel’s iScale correlation engine is the powerhouse for making sense of potentially millions of events. The engine looks for patterns in events and uses those patterns to alert managers to risks.

Sentinel’s interactive interface makes management easy, even for someone with little training. A click on a graphical element shows the numbers or events behind the element. Reports are easy to design, and users can establish them to show whatever information a manager is likely to want. The product can support nearly anything that can be monitored, although in a few cases e-Security engineers will have to custom-build a data interface.

The product is also easy to implement. Sentinel was operating in just a few minutes in the Federal Computer Week lab. However, implementing your security and management policies can be complex and may require some time with company engineers. On the other hand, e-Security can work with nearly any type of resource, from mainframes to routers. Testing included gathering devices never before used with e-Security, only to find that the process of monitoring them was surprisingly easy.

Although Sentinel does have a big role to play in the compliance space, it has an even bigger role in tracking the security on your network and providing a detailed, auditable listing of events, both in real time and over long periods. Once it’s operating, you’re unlikely to have your security policy violated without your knowledge.

General Services Administration pricing starts at about $80,000, plus maintenance and a per-device fee.

Rash is a freelance journalist based in Washington, D.C., who has been covering technology since the late 1970s. He can be reached at wayne@rash.org.

Guard duty

E-Security’s Sentinel 5.1 includes standard security information management capabilities such as event correlation. It also enables security managers to respond appropriately to incidents.

Key features include:

  • iTrac — Automates and enforces incident identification and resolution processes.
  • Active views — Detects and analyzes threats and policy violations via real-time visualization and analytical tools.
  • iScale Architecture — Combines the speed of in-memory processing and the power of distributed computing to rapidly capture and correlate events.
  • Correlation — Enables managers to set up rules that look for patterns of activity throughout multiple, disparate data sources.

Source: E-Security
