Symantec to Preview Security Information Management Appliance

Symantec Security Information Manager 9500 Series, now in beta, will let organizations automatically correlate security intelligence information from Symantec's DeepSight Threat Management System.

Symantec on Monday will announce a beta version of Symantec Security Information Manager 9500 Series, a new security information management appliance that the company hopes to release in the fourth quarter of 2005.

The new appliance will replace Symantec's Security Incident Manager software and will allow organizations to automatically correlate security intelligence information from Symantec's DeepSight Threat Management System, said Rowan Trollope, vice president of security management solutions at Symantec Corp.

Security incident management technology collects, filters and correlates large volumes of data generated by other network security technology, such as IDS/IDP (intrusion detection and prevention) products, gateway anti-virus and firewalls.

SIM (security information management) products allow IT managers to more easily identify and respond to security events across their network.


In addition to data from other network security products, the Symantec SSIM appliance will take in and correlate data from Symantec's global DeepSight network.

For example, information on IP addresses or ISP networks used in malicious attacks might be used to block traffic from those sources at the firewall, said Ashesh Kamdar, product manager for Symantec Incident Manager.

"Customers will see global threat patterns correlated automatically, so they don't need to monitor DeepSight and their SIM product separately," he said.

The SSIM 9500 Series is also designed for easy deployment on corporate networks. In addition to the appliance form, the new device comes with preconfigured event-correlation rules that match data from disparate security products, Symantec said.

There are two models of SSIM 9500 Series appliances: the SSIM 9550, with dual 3.0 GHz processors, 8GB of RAM and 1TB of storage; and the SSIM 9500, a security incident "store and forward" device with the same processors, 4GB of RAM but no storage.

The devices will be able to correlate as many as 2,500 events per second, compared with 450 events per second for the latest version of Security Incident Manager. In clustered deployments, the 9500 Series devices can support as many as 15,000 events per second, Trollope said.
