Net Monitors Sift Through Data to Sniff Out Trouble

Devices from SMARTS, others provide clearer security picture.

Enterprise IT departments should take a close look at an emerging class of security tools that monitor the network looking for problems.

Companies including e-Security Inc., Intellitactics Inc. and NetForensics Corp. already make these products, which cost in the neighborhood of $50,000 to $75,000, sit on networks one level above devices such as firewalls and IDSes (intrusion detection systems), and attempt to make sense of the data that these devices provide. (See eWeek Labs' Dec. 2 review of NetForensics' updated namesake product.)

The venerable System Management Arts Inc., also known as SMARTS, is now getting into the game. Its namesake product will use log analysis, device assessment and event correlation to help IT managers find security problems in real time. SMARTS, with years of network fault management under its belt, has successfully tackled some of the toughest issues in this arena. These include tracking network topology changes and thoroughly understanding device behavior.

Turning security devices such as firewalls into sensors instead of using the security management console is an innovative idea and is among the most important advances of the year. (Look for eWeek Labs' take on the top innovations of 2002 in next week's issue.)

This is because the best way to see unusual—and therefore suspect—traffic patterns is to see how the entire array of applications, servers and network infrastructure devices is behaving. Firewalls, IDSes, anti-virus packages and e-mail anti-spam services provide IT managers with only fragments of the security puzzle. Sifting through the myriad warnings and notifications to piece together a clearer security picture is what these network monitoring products do.
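One way the piecing-together described above can be implemented, as an added example that is not part of the article or of any named vendor's product: log lines from three sensor types are normalized into one event schema, and a host is flagged only when more than one sensor reports it inside a short window. The log formats, hosts, signature and malware names are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

class Event(NamedTuple):
    ts: datetime
    sensor: str   # device type that reported it (firewall, ids, antivirus)
    host: str     # internal host the event concerns
    detail: str   # sensor-specific detail (protocol, signature, malware name)

# One pattern per sensor type, capturing timestamp, host and detail.
# These formats are constructed for the example, not any vendor's real format.
PATTERNS = {
    "firewall": re.compile(r"^(\S+ \S+) FW deny host=(\S+) proto=(\S+)"),
    "ids": re.compile(r"^(\S+ \S+) IDS alert host=(\S+) sig=(\S+)"),
    "antivirus": re.compile(r"^(\S+ \S+) AV detect host=(\S+) name=(\S+)"),
}

# Constructed sample lines: one host trips all three sensors within minutes,
# one trips two sensors hours apart, one trips a single sensor.
SAMPLE_LOGS = [
    "2002-12-02 09:14:03 FW deny host=10.0.0.7 proto=tcp/445",
    "2002-12-02 09:15:40 IDS alert host=10.0.0.7 sig=SMB-probe",
    "2002-12-02 09:16:02 AV detect host=10.0.0.7 name=Worm.Constructed",
    "2002-12-02 09:20:11 FW deny host=10.0.0.9 proto=udp/137",
    "2002-12-02 11:05:00 IDS alert host=10.0.0.9 sig=portscan",
    "2002-12-02 09:30:00 IDS alert host=10.0.0.12 sig=portscan",
    "unrelated noise line that no sensor pattern matches",
]

def normalize(line: str) -> Optional[Event]:
    """Map one raw line to an Event, or None if no sensor pattern matches."""
    for sensor, pat in PATTERNS.items():
        m = pat.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            return Event(ts, sensor, m.group(2), m.group(3))
    return None

def correlate(lines, window=timedelta(minutes=10), min_sensors=2):
    """Return {host: sorted sensor names} for hosts that at least `min_sensors`
    distinct sensors reported within `window`. A lone firewall deny is noise;
    the same host also tripping the IDS or AV shortly after is worth a look."""
    by_host = defaultdict(list)
    for ev in filter(None, map(normalize, lines)):
        by_host[ev.host].append(ev)
    alerts = {}
    for host, events in by_host.items():
        events.sort()  # NamedTuple sorts by ts first
        for i, first in enumerate(events):
            seen = {e.sensor for e in events[i:] if e.ts - first.ts <= window}
            if len(seen) >= min_sensors:
                alerts[host] = sorted(seen)
                break
    return alerts
```

Only 10.0.0.7 is flagged: 10.0.0.9 was seen by two sensors but 105 minutes apart, and 10.0.0.12 by one sensor only.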

Technology on its own isn't enough, of course. A human being still needs to determine the policies and rules that guide the sensing equipment and monitoring consoles that these new products provide. Furthermore, a person needs to arbitrate what is a real security problem and what is a false alarm.

Finally, it takes people to design and redesign networks so that they are secure enough to conduct business yet open enough to be usable.

As we ask the network to carry ever more and increasingly varied traffic from data to voice and video, the challenge of tracking security problems is only going to grow. Security monitoring tools will have to move fast to keep up with both the hackers and the business executives who are leveraging technology to stay ahead during these economically trying times.

Senior Analyst Cameron Sturdevant can be reached at