NEW YORK—Symantec Corp. on Tuesday unveiled a sweeping new security architecture as well as a new set of technologies designed to correlate and filter data gleaned from dozens of sources, including competitors' products. It's a move that analysts say was a must for Symantec as the company continues to evolve.
"This was absolutely necessary for them," said Chris Christiansen, an analyst with IDC in Framingham, Mass. "With security purchases being driven by ROI and [total cost of ownership], they had to do this."
Symantec, based in Cupertino, Calif., made the announcements at its Vision360 security conference here.
The Symantec Security Management System comprises three components: Event Managers, Incident Manager and Symantec ESM. Together, they are designed to simplify the administration and management of security components of complex networks.
Event Managers are simply agents that collect data from anti-virus software and firewalls. The company currently can pull information from Network Associates Inc. and Check Point Software Technologies Ltd. products, as well as its own solutions. Event Managers for a broader range of products, including those from Entercept Security Technologies Inc. and TippingPoint Technologies Inc., will come later this year.
Incident Manager is a system for managing the life cycle of a security incident, from its inception to reaction through remediation. Security managers can set priorities for their networks and the software will adjust its alerts and reports accordingly.
Based on a set of guidelines developed by SANS and the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, Incident Manager recommends actions for each incident. The software also issues alerts and notifications throughout the course of an incident's life, updating security personnel on the problem's status and proposed resolution.
Symantec ESM, a policy-compliance and vulnerability-assessment tool, can be integrated with Incident Manager. On its own, ESM is designed to enable security managers to develop policies and procedures to help manage security network-wide.
Users said Symantec's announcements are a good first step toward a broader interoperability movement in security.
"We think there's a strong need for industry standards in the security industry. We need to reduce the amount of complexity," said Don Haille, president of Fidelity Investments Systems Co., based in Boston. "The hackers know where the data is and the road to that data is through your applications."
The new strategy was born out of a belief that the network perimeter is a thing of the past, Symantec executives said. "The perimeter is pretty porous and in fact may not be definable," said John Schwarz, president and COO of Symantec.
Symantec's Security Management System is the first set of technologies to come out of the company's much talked-about Symantec Enterprise Security Architecture, a standards-based framework designed to make it easier for the company's products to work with third-party solutions.
Other vendors, most notably Computer Associates International Inc. and Network Associates, already have the capability to manage some third-party products, a fact that Christiansen said makes Symantec's announcement a necessity for the company. Symantec recently made three major acquisitions, and is still in the process of integrating the technologies it acquired from Recourse Technologies Inc., Riptech Inc. and Security Focus into its own product line.
Add the fact that the homogeneous network environment is virtually a thing of the past, and you have a compelling set of drivers for Symantec's announcements.
"They've been seriously talking about this for at least two years and thinking about it for maybe four," Christiansen said. "In today's heterogeneous environments, they needed to do this."