The Emerging Class of Security Tools

eLABorations: Network monitors find trouble before it becomes chaos

Enterprise IT should take a close look at an emerging class of security tools that monitor the network looking for problems. Companies including netForensics (see our review of the netForensics namesake product update), eSecurity and Intellitactics make these products, all of which sit a level above specific devices such as firewalls and intrusion detection systems and attempt to make sense of the data those devices produce.

It looks like venerable System Management Arts, also known as SMARTS, is also getting into the game of using log analysis, device assessment and event correlation to help IT managers find security problems in real time. SMARTS has years of network fault management under its belt and has worked out some of the toughest problems in this arena. These problems include tracking network topology changes and thoroughly understanding device behavior.

Turning security devices such as firewalls into sensors rather than the security management console is a great idea, and is among the most important advances of the year (look for more in our Dec. 23-30 year-end issue). This is because the best way to see unusual and, therefore, suspect traffic patterns is to see how the web of applications, servers and network infrastructure devices is behaving. An individual firewall, intrusion detection system, anti-virus package or even an e-mail anti-spam service gives IT managers only a piece of the security puzzle. Sifting through the myriad warnings and notifications to piece together a clearer security picture is what these products do.
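As an added illustration (not code from the column or from any vendor named in it), here is a small correlator in the spirit of these products: it normalises constructed firewall, IDS and anti-virus log lines into one event stream and flags any host that two or more different sensor types have reported, the cross-device picture no single device can give. Sensor names, log formats and addresses are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample events from three sensors (not real log data).
FIREWALL_LOG = [
    "2002-12-09T10:01:02 fw1 DENY src=10.0.5.17 dst=192.168.1.10 dport=445",
    "2002-12-09T10:01:03 fw1 DENY src=10.0.5.17 dst=192.168.1.11 dport=445",
    "2002-12-09T10:02:10 fw1 ALLOW src=10.0.9.3 dst=192.168.1.20 dport=80",
]
IDS_LOG = [
    "2002-12-09T10:01:05 ids1 ALERT sig=SMB-probe src=10.0.5.17 dst=192.168.1.12",
]
AV_LOG = [
    "2002-12-09T10:03:00 av1 DETECT host=10.0.5.17 threat=EICAR-Test-File",
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) (?P<action>DENY|ALLOW) src=(?P<src>\S+)")
IDS_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) ALERT sig=(?P<sig>\S+) src=(?P<src>\S+)")
AV_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>\S+) DETECT host=(?P<src>\S+) threat=(?P<threat>\S+)")

def parse_events(lines, pattern, kind):
    """Normalise one sensor's lines into (host, sensor, kind, detail) tuples."""
    events = []
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue  # unparsed lines are skipped, never guessed at
        if kind == "firewall" and m.group("action") != "DENY":
            continue  # only denied traffic is treated as a warning sign
        detail = m.groupdict().get("sig") or m.groupdict().get("threat") or m.group("action")
        events.append((m.group("src"), m.group("sensor"), kind, detail))
    return events

def correlate(events, min_sensors=2):
    """Group events by host; flag hosts reported by at least min_sensors distinct sensor types."""
    by_host = defaultdict(list)
    for host, sensor, kind, detail in events:
        by_host[host].append((sensor, kind, detail))
    flagged = {}
    for host, evs in by_host.items():
        kinds = {kind for _, kind, _ in evs}
        if len(kinds) >= min_sensors:  # one noisy device alone is not enough
            flagged[host] = {"sensor_types": sorted(kinds), "event_count": len(evs)}
    return flagged

def run():
    events = (parse_events(FIREWALL_LOG, FW_RE, "firewall")
              + parse_events(IDS_LOG, IDS_RE, "ids")
              + parse_events(AV_LOG, AV_RE, "antivirus"))
    return correlate(events)
```

A human analyst still has to decide whether the flagged host is a real incident or a false alarm; the threshold `min_sensors` is the kind of policy knob the column says a person must set.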

It almost goes without saying that technology on its own isn't enough. A human being still needs to determine the policies and rules that guide both the sensing equipment (firewalls, IDSes and anti-virus ware) and the monitoring consoles provided by these new products. Furthermore, a person ultimately needs to arbitrate what is a real security problem and what is a false alarm.

Finally, it takes people to design and redesign networks so that they are secure enough to conduct business yet open enough to be usable. As we ask the network to carry more, and increasingly varied, traffic, from data to voice and video, the challenge of tracking security problems is only going to grow. Security monitoring tools will have to move fast to keep up with both the hackers and the business execs who are leveraging technology to stay ahead during these economically trying times.

Senior Analyst Cameron Sturdevant can be reached at