The Emerging Class of Security Tools

By Cameron Sturdevant  |  Posted 2002-12-06

eLABorations: Network monitors find trouble before it becomes chaos

Enterprise IT should take a close look at an emerging class of security tools that monitor the network looking for problems. Companies including netForensics (see our review of netForensics' namesake product update), eSecurity and Intellitactics make these products, all of which sit a level above specific devices such as firewalls and intrusion detection systems and attempt to make sense of the data provided by these devices.
It looks like venerable System Management Arts, also known as SMARTS, is also getting into the game of using log analysis, device assessment and event correlation to help IT managers find security problems in real time. SMARTS has years of network fault management under its belt and has worked out some of the toughest problems in this arena. These problems include tracking network topology changes and thoroughly understanding device behavior.
Turning security devices such as firewalls into sensors instead of the security management console is a great idea, and is among the most important advances of the year (look for more in our Dec. 23-30 year-end issue). This is because the best way to see unusual and, therefore, suspect traffic patterns is to see how the web of applications, servers and network infrastructure devices is behaving. An individual firewall, intrusion detection system, anti-virus package or even an e-mail anti-spam service gives IT managers only a piece of the security puzzle. Sifting through the myriad warnings and notifications to piece together a clearer security picture is what these products do.
It almost goes without saying that technology on its own isn't enough. A human being still needs to determine the policies and rules that guide both the sensing equipment (firewalls, IDSes and anti-virus ware) and the monitoring consoles provided by these new products. Furthermore, a person ultimately needs to arbitrate what is a real security problem and what is a false alarm.
Finally, it takes people to design and redesign networks so that they are secure enough to conduct business yet open enough to be usable. As we ask the network to carry more and increasingly varied traffic, from data to voice and video, the challenge of tracking security problems is only going to grow. Security monitoring tools will have to move fast to keep up with both the hackers and the business execs who are leveraging technology to stay ahead during these economically trying times.
Senior Analyst Cameron Sturdevant can be reached at
Cameron Sturdevant
Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
