In a major milestone in the maturation process for security event management technologies, a small vendor will unveil the first dedicated SEM appliance. High Tower Software Inc.s TowerView box incorporates the companys SEM software, which includes a unique correlation and visualization feature that presents security events in three dimensions.
As technologies such as firewalls and intrusion detection systems matured, they reached a point where customers demanded dedicated boxes for their deployment. Now, SEM is following the same path.
The TowerView system is based on technology developed by a company founder at NASAs Jet Propulsion Laboratory to handle the large quantities of data spacecraft beam to Earth. The JPL did not use a database to store that data because it was valuable only at the time of its creation and transmission. As a result, TowerView may be the only enterprise SEM product that doesnt have an in-line database.
This allows the system to work much more quickly because it doesnt have to write to, and then query, a database. The core function of TowerView is the same as other SEM products: to correlate and analyze security data from a variety of devices. The system applies a series of more than 100 preset rules to the data streams, looking for anomalies and known attacks. Customers can also write their own rules, and the system is capable of learning on the fly and adjusting rules to meet emerging conditions.
“The rules can learn what normal traffic is and incorporate vulnerability assessment data as well,” said Ursula Schwutke, vice chairman and chief technology adviser at High Tower, based in Aliso Viejo, Calif. Schwutke helped develop the core technology while at NASA.
The inclusion of the vulnerability data lets TowerView assess whether a machine under attack is vulnerable to that particular exploit. This is designed to reduce false positives and help assign a lower priority to failed attacks.
Following correlation and normalization, the data goes to the presentation layer, which consists of a 3-D grid with colored towers rising from the floor. The colors represent an events severity, and the grid is segmented into the zones of the physical network.
Pricing for TowerView will start at $48,000.
