Business-security professionals face a growing challenge. The need to monitor the security of more computer systems, networks, applications, devices, and users is making it difficult to gather enough information quickly to combat threats in real time. In the conflict between breadth of coverage and speed of action, speed seems to be losing.
Security-management vendor eIQnetworks Inc. on Wednesday is introducing its Network Security Analyzer that it says will provide the breadth customers require with the scalability to deliver information in real time. The software monitors security alerts and events throughout an entire IT infrastructure. It includes an investigative and tracking engine that customers can use to search hundreds of gigabytes of log data from switches, routers, firewalls, VPNs, and many other devices.
The product also automates the collection, compression, encryption, and archiving of security logs. And it collects and aggregates security event data, categorizes events according to preset priorities, and then correlates event data to identify anomalies. The software then identifies high-priority threats and low-priority events. Another module handles user access control, device management, and system configuration.
eIQ has developed one of the industry's first enterprise-scale security-management architectures, which is needed as businesses cope with managing security threats across more devices, gathering more security data, and generating more security reports, says Jon Oltsik, an analyst at Enterprise Strategy Group. Many security products don't scale well, which results in lag times between a security event and having enough information to know what to do about it.
"The industry is reaching a critical point to get much more scalable because security is a real-time problem," he says. "eIQ appears to have the horsepower to know about events as they happen, and all the ramifications."
The software also generates both compliance and security-management reports in multiple formats, including HTML, PDF, and Microsoft Word. It also lets security professionals create configurable monitors, event managers, and monitoring dashboards. It offers 800 options for forensic analysis via a browser and has an embedded database of its own. Finally, it can identify attacks, viruses, and worms; reduce false positives; and send out alerts in a variety of formats over several forms of communication, according to the company. Network Security Analyzer is priced at $895 per device.
An early user of the software tool says it has made him more efficient. Timothy Guy, a senior network administrator at a billion-dollar manufacturing holding company, says he used to spend six hours per day parsing through as much as 700 Mbytes worth of security event logs and writing his own queries for 'access denied' or some other problem. "With [Network Security Analyzer], we spend 10 minutes clicking while we open up the main console," he says.
Guy often has to contend with 5,000 alerts that flood his systems in a span of 10 minutes, he says, and it used to take him a couple of hours to find the root cause from all the alert logs. "Now, I don't look through log files," Guy says. Network Security Analyzer "sends me a page with the root cause, in real time."