Net Monitors Sift Through Data to Sniff Out Trouble

 
 
By Cameron Sturdevant  |  Posted 2002-12-16
 
 
 
 
 
 
 

Devices from SMARTS, others provide clearer security picture.

Enterprise IT departments should take a close look at an emerging class of security tools that monitor the network looking for problems.

Companies including e-Security Inc., Intellitactics Inc. and NetForensics Corp. already make these products, which cost in the neighborhood of $50,000 to $75,000. They sit on networks one level above devices such as firewalls and IDSes (intrusion detection systems) and attempt to make sense of the data that these devices provide. (See eWeek Labs' Dec. 2 review of NetForensics' updated namesake product.)

The venerable System Management Arts Inc., also known as SMARTS, is now getting into the game. Its namesake product will use log analysis, device assessment and event correlation to help IT managers find security problems in real time. SMARTS, with years of network fault management under its belt, has successfully tackled some of the toughest issues in this arena. These include tracking network topology changes and thoroughly understanding device behavior.

Turning security devices such as firewalls into sensors instead of using the security management console is an innovative idea and is among the most important advances of the year. (Look for eWeek Labs' take on the top innovations of 2002 in next week's issue.)

This is because the best way to see unusual—and therefore suspect—traffic patterns is to see how the entire array of applications, servers and network infrastructure devices is behaving. Firewalls, IDSes, anti-virus packages and e-mail anti-spam services provide IT managers with only fragments of the security puzzle. Sifting through the myriad warnings and notifications to piece together a clearer security picture is what these network monitoring products do.

Technology on its own isn't enough, of course. A human being still needs to determine the policies and rules that guide the sensing equipment and monitoring consoles that these new products provide. Furthermore, a person needs to arbitrate what is a real security problem and what is a false alarm.

Finally, it takes people to design and redesign networks so that they are secure enough to conduct business yet open enough to be usable.

As we ask the network to carry ever more and increasingly varied traffic from data to voice and video, the challenge of tracking security problems is only going to grow. Security monitoring tools will have to move fast to keep up with both the hackers and the business executives who are leveraging technology to stay ahead during these economically trying times.

Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

 
 
 
 
Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
 
 
 
 
 
 
 
























 
 
 
 
 
 
 
 
 
 
 