Symantec Corp. last week unveiled a sweeping new security architecture as well as a new set of technologies, which are designed to correlate and filter data gleaned from dozens of sources, including competitors’ products.
The Symantec Security Management System comprises three components: Event Managers, Incident Manager and Symantec ESM. Together, they will simplify administration and management of security components of complex networks, said officials of the Cupertino, Calif., company.
Event Managers are agents that collect data from anti-virus software and firewalls. The company currently can pull information from Network Associates Inc. and Check Point Software Technologies Ltd. products, as well as its own solutions. Event Managers for a broader range of products, including those from Entercept Security Technologies Inc. and TippingPoint Technologies Inc., will come later this year.
Incident Manager is a system for managing the life cycle of a security incident, from inception to reaction through remediation. Security managers can set priorities for networks, and the software will adjust its alerts and reports accordingly, said officials.
Based on a set of guidelines developed by The SANS Institute, of Bethesda, Md., and the CERT Coordination Center at Carnegie Mellon University, in Pittsburgh, Incident Manager recommends actions for each incident. The software also issues alerts and notifications throughout the course of an incident’s life, updating security personnel on the problem’s status and proposed resolution.
Users said Symantec’s announcements are a good first step toward a broader interoperability movement in security.
“We think there’s a strong need for industry standards in the security industry. We need to reduce the amount of complexity,” said Don Haille, president of Fidelity Investments Systems Co., in Boston. “The hackers know where the data is, and the road to that data is through your applications.”