eTrust 20/20 is a visual tool that gives systems administrators a detailed picture of their company's physical and network environments and enables them to see up-to-the-minute activity for specific employees, applications, buildings or systems.
ORLANDO, Fla. -- Computer Associates International Inc. on Monday unveiled a new product that company executives believe will bridge the gap between the electronic and physical security measures deployed in enterprises.
The product, called eTrust 20/20, is a visual tool that gives systems administrators a detailed picture of their companys physical and network environments and enables them to see up-to-the-minute activity for specific employees, applications, buildings or systems. The software collects real-time feeds from numerous sources, including badge readers, e-mail systems, Web servers and other networked devices; aggregates the data; and produces a graphical depiction of the monitored environment.
"We wanted a better way to pick up behavior thats abnormal," said Sanjay Kumar, president and CEO of CA, based in Islandia, N.Y. The software will go into a broad beta program this summer with an eye toward general availability by the end of the year.
In a demonstration during a press conference at the companys CA World show here, Kumar tracked the comings and goings of a fictional CA employee. The left side of the screen shows the various internal computer systems, including the Web, e-mail and client information repository. The center of the screen is given over to a schematic of the companys headquarters building and showed each badge reader. A running clock takes up the bottom of the screen.
Using the new software, Kumar was able to click on each system and see when and for how long the employee was using the Web, for example, or the client information system. The program also showed where in the building the employee was and which floors he was traveling to at what time of day.
Administrators can play back the activities of a particular employee over a given period of time and can also view the actual text logs of that employees activities at any time.
And, to prevent malicious employees from altering the log data, CA has developed an algorithm that takes a footprint of the data as it is collected and then compares that snapshot to the data as it is played back. Any alteration, therefore, would be easily identifiable.
Such technology clearly raises a number of questions about the level of monitoring that companies can or should perform on their employees, but Kumar says the system is merely aggregating existing data.
"Were not asking customers to collect any new data at all," he said.
The purpose of eTrust 20/20 is to find anomalous behavior and then alert the administrator to the activity. Over time, using CAs Aion and Nugent technologies, the software can learn what constitutes abnormal behavior for each individual employee and will subsequently eliminate unneeded alerts, Kumar said.
In addition to the technological advancements the program represents, eTrust 20/20 will also be the first CA product to be sold solely by subscription. Customers will pay as they go on a monthly basis, and the fee will be based on the number of employees and physical access points the system will be monitoring.
A CA engineer will be on-site at the customers facility for the first 90 days of the products deployment in order to help integrate all of the necessary data feeds. Customers will also have access to an engineer for up to five days each month.