November 2001
e-Security Management Solution

 
FOR
Great tool for managing your infosecurity infrastructure properly.
AGAINST
The bigger your enterprise, the more you need this, but setting it up from scratch will be a project in its own right.
VERDICT
Definitely worth getting this product if you want to manage your infosecurity infrastructure properly. It will help you to get the right level of management information and you also set the rules on what you want and how you want it. Definitely worth looking at!

When people talk about security, they often think of specific, discrete products or point solutions - e.g. anti-virus, firewalls, intrusion detection, encryption and so on. It is rare to find someone who thinks of the security of their organization as a whole - and this is not surprising because there are no real solutions that address the needs of an organization as a whole. Nor, necessarily, should there be. It is perfectly acceptable for organizations to purchase solutions from whichever supplier they think best.

While a number of organizations have tried to be a one-stop shop for security solutions, there has been resistance from the market, which likes to pick what it feels is the best solution. There are many problems with the market's free-spiritedness - not least that managing security solutions is difficult, time-consuming and, in many cases, so complex and daunting that individuals within organizations give up.

Take as a simple example the mass of data that you get from a typical firewall - there can be few individuals who routinely sit down over their coffee of a morning and happily browse the logs. The logs simply accumulate and are routinely dumped - unless something goes wrong. What doesn't routinely happen is integrated management of your security solutions and it doesn't happen because trying to integrate security solutions from different vendors (even from the same vendors in some cases) is a nightmare. Without proper management of your security infrastructure, you take too much time doing mundane things or you don't manage the security solutions at all.

This problem, or variations of it, affects all sizes and types of organizations. Various solutions to it have been tried with varied success. One solution that is worth trying is from e-Security Inc., and is basically an open security platform, which allows you to create a monitoring environment that lets you see what's going on across your enterprise. Clearly, this is possible using the management tools (such as they are) that come with your point products. The drawback of these product-specific management tools is that they give you reports on their own solution only. This doesn't always give you the full picture - for example, are you really experiencing a hack or is it something else?

There are many products that will help you to manage your systems. There are fewer that will help you to manage your security infrastructure. The e-Security management console gives you the means to see what is happening (security-wise) in your enterprise. For example, you can tell it to show you your organization's offices and to give you the security status of the various offices across the country or across the world. If your organization was experiencing a security incident, then you could instantly see it. The worst thing in the world (as a manager) is to appear not to know what's going on in your part of the business. The e-Security console lets you see whether you've got a problem or not - there are other ways of doing this, of course, but in all honesty trying to stay on top of what's happening could take all your time, leaving you no time to do all the other things that you need to do.

To return to our original concern, your organization is likely to have security solutions from various different vendors. Even if you started off with a policy for buying, say, Cisco firewalls - you could find through acquisition (as only one possible change factor) that you've got products from several other manufacturers in as well. The same will be true of your other security solutions. To get a picture of exactly what is happening on your infosecurity infrastructure is not easy, at best, and near impossible, at worst.

What is more, looking at just the output of one security product may not be enough for you to know whether you are suffering an attack. You may need to look at several different sources so that you can properly determine what is taking place. If you could look at what was happening on your firewalls and see what your intrusion detection solutions were telling you, then you would have a far better idea about whether an attack was happening. Knowing what is happening means that you can make the most appropriate response and not shut down systems and suffer the losses from the downtime simply because of a false alarm.

The e-Security e-Sentinel solution is a combination of a console that shows what's happening across your enterprise, a series of agents that receive the output from your security solutions and a processing hub. At the back of all this is an Oracle database that stores and helps to process the vast quantities of management data flowing between your security solutions and the e-Security platform.

The agents are a key part of the operation. These agents can run on the security device and can also run on NT boxes and receive the native output from your security solutions. A number of these are provided by e-Security but there is also an easy-to-use utility, the e-Security e-Wizard, which produces new agents for your point products. The rules-based agents take the output and filter and translate it for the management console. They use conventional SNMP communication to pass traffic between the security point products and the e-Sentinel. Since they are independent of the security solution, they don't care what operating system is running on the point product or what conventions it uses, provided they can receive the output.

The console within e-Sentinel manages the input from the agents and decides what action to take according to the rules you have set. You can establish a set of rules on what to do and how to respond when receiving what might appear to be a security breach - this includes looking at the output from other security solutions. This verification or corroboration of what is happening means that you and your colleagues don't get bothered with needless information and only get a notification if something is really going on. You can also use the e-Security system to trigger support tickets and service calls.
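The agent-and-rule flow described above can be sketched as follows. This is an added example, not e-Security's code: the two log formats, the sample lines, the five-minute window and all function names are constructed assumptions, and the SNMP transport between agent and console is left out.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in two made-up native formats (not real product output).
FIREWALL_LOG = """\
2001-11-05 09:14:02 DENY tcp 203.0.113.7:4312 -> 192.0.2.10:23
2001-11-05 09:14:05 DENY tcp 203.0.113.7:4313 -> 192.0.2.10:111
2001-11-05 09:20:41 DENY udp 198.51.100.22:53 -> 192.0.2.10:1025
"""
IDS_LOG = """\
Nov 05 2001 09:14:30|portscan|src=203.0.113.7|dst=192.0.2.10
Nov 05 2001 11:02:10|portscan|src=198.51.100.22|dst=192.0.2.10
"""
FW_RE = re.compile(r"(\S+ \S+) (\w+) \w+ ([\d.]+):\d+ -> ([\d.]+):\d+")

def firewall_agent(text):
    """Hypothetical agent: filter DENY lines and translate them to a common event form."""
    for m in map(FW_RE.match, text.splitlines()):
        if m and m.group(2) == "DENY":
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield {"time": ts, "sensor": "firewall", "src": m.group(3), "dst": m.group(4)}

def ids_agent(text):
    """Hypothetical agent: translate pipe-delimited IDS alerts to the same form."""
    for line in text.splitlines():
        stamp, _sig, src, dst = line.split("|")
        ts = datetime.strptime(stamp, "%b %d %Y %H:%M:%S")
        yield {"time": ts, "sensor": "ids", "src": src[4:], "dst": dst[4:]}

def corroborated(events, window=timedelta(minutes=5)):
    """Console rule: keep (src, dst) pairs reported by both sensor types within `window`."""
    events = sorted(events, key=lambda e: e["time"])
    hits = set()
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            if b["time"] - a["time"] > window:
                break  # events are time-sorted, so nothing later can match
            if (a["src"], a["dst"]) == (b["src"], b["dst"]) and a["sensor"] != b["sensor"]:
                hits.add((a["src"], a["dst"]))
    return sorted(hits)

def run():
    """Normalize both feeds, then return only the pairs worth a notification."""
    events = list(firewall_agent(FIREWALL_LOG)) + list(ids_agent(IDS_LOG))
    return corroborated(events)
```

With the sample data, the second source address is denied by the firewall and flagged by the IDS more than an hour apart, so it falls outside the window and produces no notification.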

The e-Security e-Sentinel operates using conventional technology - for example, the console uses a web browser - so you do not have any pushback in learning new systems or implementing new methodologies or support requirements. This robust system - still in a relatively early stage of development - is exactly what enterprise organizations have been waiting for, for years. Without a system-independent management system, information security officers and managers have a difficult if not impossible job to do. With a system that gathers information together and presents it in an easy-to-access and easy-to-read console, you are on top of your job.

Contact Information:
 
e-Security Management Solution
Version: 3.0

North America/Latin America & The Caribbean
Supplier: e-Security Inc.
Price: on application
Contact: (800) 474-9191, (321) 394-2600
info@esecurityinc.com
www.esecurityinc.com

UK/Europe
Supplier: e-Security Inc
Price: on application
Contact: +44 (0)1 188 470512
info@esecurityinc.com
www.esecurityinc.com
 

 

SC On-Line
SC Magazine
www.scmagazine.com

Copyright © 2001 West Coast Publishing. All rights reserved.