Network management provider Micromuse Inc. last week announced plans to launch a security management initiative that will leverage the scalability of its Netcool event handler to centralize security management.
As part of the initiative, Micromuse is creating a bundle of its existing Netcool tools that are customized for security management. It is also creating alliances with security vendors such as Check Point Software Technologies Ltd. and Network Associates Inc., as well as with integrators such as VeriSign Inc. and Greenwich Technology Partners Inc. that have security practices.
Micromuse intends to extend the reach of its Netcool manager-of-managers software, which is used to consolidate large numbers of network events, into the security management arena.
"There is an increasing number of event streams from the different equipment—firewalls, anti-virus software, authentication, [virtual private networks] and so on. Service providers and enterprises have to manage all that information and make sense of it," said Jim Frey, vice president of marketing strategies at Micromuse, in San Francisco.
At the same time, a variety of tools populate the security space, and none of those tools communicate. "No one vendor provides all the pieces, and there is no way to tie information together across those sources," Frey said.
Although Micromuse will have to prove itself in the security management arena, the timing of its initiative is good, said Jeff Oliveto, vice president of operations at managed security services company Clean Communications Inc., in Fairfax, Va.
"According to CERT, security intrusions increased over 500 percent over the last two years," Oliveto said. "Any company managing their security infrastructure the same way today that they did two years ago probably needs to go back and look at it. If youre not reviewing your security infrastructure and how youre managing it, youre probably at risk."
The Netcool for Security Management bundle will include Netcool/ Omnibus and Netcool/Webtop applications; Netcool/Impact configured with off-the-shelf security policies; Netcool/ Reporter, with preconfigured security reports; and Netcool FW-1 and Cisco Systems Inc.s PIX and Cisco intrusion detection system probes. All Netcool probes will be configured to watch for security events. The bundle, which will be preconfigured to manage security events and run in a secure mode, will also support integration with Niksun Inc.s NetDetector, Network Associates Sniffer, Johnson Controls Inc.s Metasys and Asita Technologies Inc. security devices.
Micromuse will use Netcool/ Omnibus and Netcool/Webtop for a single point of control.
"Were using Impact to do threat isolation—a form of correlation—to ID, locate and recognize the source and scope of a potential attack. Well look to see what is under attack, what resources [are] affected and whos affected," Frey said.
Netcool/Reporter provides the ability to do reporting for historical analysis and automated actions based on the severity of the threat. The bundle can also automate a response such as shutting down a port or eliminating access to an account thats been breached or initiating failover to backup systems.
The bundle is slated to ship March 1, and a starter package with all the components necessary will be priced at less than $100,000.