Merging net management and security

Mike Bradzaca wanted to save himself a few headaches.

The director of network services at Aecom Corp., a professional services company that handles environmental engineering in Los Angeles, Bradzaca used to keep security management and network monitoring on separate sides of his IT house. But after some security missteps, he decided to link the two management processes more closely – physically and virtually.

“The security engineer and the network engineer now are in the same place, talking all the time about what’s happening on either the network or the security devices,” Bradzaca says. “If anything abnormal occurs anywhere, they check with each other and catch things before they happen.”

The idea of bringing security and network management together isn’t entirely new, but a few significant events in the past year – the terrorist attacks of Sept. 11 and the Nimda virus attacks – have upped user demand for security tools. Consequently, that has driven network management vendors to equip their software with features to manage security devices alongside switches, routers and servers. Vendors such as Aprisma Management Technologies Inc., Micromuse Inc., NetIQ Corp., Computer Associates International Inc. and IBM Corp.’s Tivoli Systems Inc., among others, have started giving users ways to let their network management systems talk to security devices to prevent performance problems and security breaches.

The bottom line is users now want more and better ways to secure their networks, but they also need to manage all that security data.

In Bradzaca’s case, he says Aecom avoided the Nimda virus because of all the chatter between two staffers at NetSolve, the management service provider Bradzaca employs to handle his security and network management.

“We worked with various vendors that didn’t talk to each other. And with security, it’s painful to have a variety of people with their fingers in the pie,” Bradzaca says. He says tying his WAN, LAN, firewall and intrusion-detection management together through services provided by NetSolve eliminates problems falling through the cracks.

Increased Efficiency

In the same vein, vendors now routinely tout how using their software to automate configuration management can plug security holes on the network. The idea is that what the network staff overlooks, the security team will catch, and vice versa, says Jasmine Noel, an analyst with Hurwitz Group Inc.

“IT configuration tools commonly were bought to increase staff efficiency and automate change management, but last year vendors started pitching the same tools as a way to enhance security on a network,” Noel says. At that time, vendors such as Aprisma reworked their software to pull security information from firewalls and intrusion-detection systems (IDS). The core technology of the software did not change – it still performed network discovery and monitoring, but now it could recognize security events and alert users to any potential problems.

Companies such as Micromuse have started selling security software that can act as a “manager of managers,” consolidating network security data from across a network into one centralized console where users can view correlated data and generate reports. The security management products do not claim to give users the security they’d get from using a firewall, virus scanning software or IDS. Most of these products only claim to do what they do best on the network: collect, aggregate and correlate security data from disparate sources.

More features help users determine if a network event is affecting security or vice versa. Micromuse’s Netcool for Security Management works with network management software from Micromuse and other third-party vendors to correlate security and network events. The software also will filter alarms and prioritize the events that need immediate attention.

Buyer Beware

Despite the added features, Gartner Inc. analyst John Pescatore says current offerings from network management vendors do not have the intelligence needed to properly secure a network. He says adding security monitoring capabilities to a network management tool is a good move, but users should be leery of any “out-of-the-box” promises from vendors.

“The way you manage a network only changes when you bring a new technology in,” he says. “But security threats change constantly and users need a security specialist on hand to input the new data, say, when a new hacker figures out a new way to attack a system.”

Dan Springston, director of the network operations centre at NetEffect, a managed security solutions provider in Raleigh, N.C., says his staff started using Aprisma’s Spectrum Security Manager in concert with the company’s flagship Spectrum network management software to consolidate security events. In the past, NetEffect would not be aware that a security alarm occurred across its three firewalls until the security engineer checked the logs of each firewall. Now Spectrum Security Manager sends all events and alarms from security devices through one console and also lets Springston know if the events are causing performance problems on the network.

Although the software saves him time, Springston says he had to define security policies and how he wanted the network and security tools to interact before deploying it. And despite the urge to completely lock down the network, Springston says it wouldn’t be wise for him to build his network rules around security policies.

“If we have our security management piece do all the monitoring of logs, then we’ll miss things on the net management side,” he says. “You have to craft your security policies before buying any security management software. And you have to understand the network and security to pick the appropriate tools to do what you need in your network.”

Gartner’s Pescatore says it makes sense for users with large investments in network management software to also invest in security management software because managing network and security elements from one console will cut down on the time it takes to pinpoint problems. But for users with smaller networks, management software from security vendors such as e-Security Inc. and NetForensics Inc. may suit their needs.

“These are first-generation products coming from the network management vendors. They don’t yet have the intelligence built into the products that the security vendors can provide,” Pescatore says. “[Gartner] estimates it will be another three years before the network management guys dominate this market.”