ATLANTA—Internet Security Systems Inc. on Thursday announced its plans to make a grab for the brass ring of security management: dynamically protecting networks and individual machines by tying threat data to vulnerabilities in real time.
The new strategy, dubbed Dynamic Threat Protection, includes several new partnerships and product launches and represents a major bet on ISS part that the days of best-of-breed security architectures are over.
The centerpiece of the new strategy is RealSecure Site Protector 2.0. The new version brings all of the security capabilities in a given network under one command-and-control system. It relies on RealSecure agents on each protected machine—from servers to desktops to laptops—and utilizes a single policy-management component for the entire system.
Site Protector is closely tied to the new release of Fusion, which now utilizes intelligence from ISS X-Force research team to instantly analyze and correlate incoming threat information. That data is then mapped against vulnerabilities found in the network to provide a real-time view of the effect of the attack.
This capability is a large step forward for ISS, and an admission that the IDS technology for which it has become famous is not the security miracle that many advocates have claimed it is. ISS RealSecure IDS and Internet Scanner vulnerability management software were pioneering applications in their respective market segments when they were released. But theyve never been tied together this closely or in this manner before.
“I think we all became enamored of IDS because it was the first step in the process,” said Tom Noonan, chairman, president and CEO of ISS, in Atlanta. “But you have to be damn near 100 percent accurate with it. Security cant get in the way of business; security has to enable business.
“This is the ultimate correlation of active threats and active vulnerabilities.”
Another component of the new strategy is a partnership with security-appliance vendor Crossbeam Systems Inc. Under the agreement, ISS RealSecure Network 7.0 intrusion prevention software will now be included on Crossbeams X40S box. Both companies will sell and market the appliance.
ISS also joined forces with The PowerTech Group Inc. to provide protection for IBMs iSeries servers.
All of the new technologies will be available during the first quarter of this year.
Page Two
: ISS Eyes Brass Ring of Security Management”>
The Dynamic Threat Protection strategy is similar to the approach that Symantec Corp. announced last fall. Symantec, of Cupertino, Calif., is betting heavily on the enterprise market and is tying all of its various firewall, IDS, anti-virus and other technologies together under one security event management system. The company is also working toward being able to handle alerts and events from a wide range of other vendors products, something that ISS is doing as well.
ISS system will be able to handle events fed to it from Check Point Software Technologies Ltd.s FireWall-1 and Cisco Systems Inc.s PIX firewall, for example. The ultimate goal of both of these strategies is to filter down the number of events to a realistic amount and then act on those actual threats.
“We can reduce millions of results per day down to a handful that are actionable,” Noonan said. “You cant do this without real-time IDS and threat management working together.”
Why such a dramatic shift now? Noonan said the decision was driven by the realities of the rapidly evolving security landscape and the realization that users still arent secure after years of innovation and experimentation.
“This industry is changing because it has to,” he said. “Its not effective as it is.”