Putting corporate security under one umbrella

There is a lawyer in Toronto who is the king of parking tickets. He knows that if he parks just right, between the last meter and the corner, no city bylaw covers that zone, so he can beat any ticket in court. If your company’s security network is like Toronto, and most companies are, then it too has many zones hackers can use to beat the system.

Tivoli Systems Inc. is releasing Tivoli SecureWay Risk Manager, an e-business solution designed to consolidate disparate security points under an integrated console. The solution will help companies manage the wide array of security measures in place and allow them to more easily monitor today’s complex security arrangements, according to the vendor. In essence, it is designed to help close the loopholes left open by using a variety of piecemeal solutions.

According to Doug MacPherson, a Tivoli security sales specialist based in Markham, Ont., the company’s advantage is that it came at the solution from a management perspective rather than strictly one of security. By placing all security products under one umbrella, the Tivoli Enterprise Console, users are able to track the vast amounts of data produced by system security.

When a system comes under attack, a centralized security network makes responses easier. “It takes all of those alerts (from various pieces of security software), associates them and tries to identify what is going on.” Much like a central military command, Risk Manager allows for a 30,000-foot view, thus increasing the odds of identifying and repelling an attack, MacPherson said.

“What we were seeing was companies using products like Cisco’s Secure IDS, or ISS RealSecure…you have to become an expert to use them and they gave you lots of data,” he said.

“So you knew some type of attack was going on, but you didn’t know if the attack was successful or not and…if the network traffic was really cranked up you started to lose the ability to track what was going on.”

Tivoli’s lab in Zurich wrote a series of rules to work with firewalls and other security measures, giving users who aren’t necessarily experts the ability to sift through all of the information created by security networks and understand what is going on. MacPherson said there are over 150 Tivoli-ready security products on the market that work with the system. Risk Manager can receive alerts from any of these products, he added.

The system can either be managed from a stand-alone console or integrated with the Tivoli Enterprise Console, an event management and automation application designed for enterprise computing environments.

When a problem occurs, systems administrators can choose from various forms of notification or can let the system handle the situation on its own.

“As you get to certain clip levels, depending on what is going on, it can e-mail you first at low levels and then start paging,” MacPherson said. “Then it can even do automated responses.

“In the case of a certain type of attack…if it sees it is coming from a single address out there on the Web…it can update the firewall dynamically to stop that [IP] address,” he said.

This is useful for real-time detection of denial of service attacks, though MacPherson admitted a well-planned, distributed and executed attack is difficult to stop.

Dan McLean, a network analyst with IDC Canada in Toronto, sees a trend toward moving security measures under one umbrella.

“Obviously it is a comprehensive way of approaching the problem, and probably gives you a much better chance of creating a more secure environment and managing risk, rather than going out and deploying a bunch of point solutions that may not have anything in the way of interoperability,” he said.

Joey Roa, vice-president of technology of MoneyStream, a Calgary-based payment processing company, said the products in this relatively new field are getting better, though there are still glitches.

“[The products] have become a lot more intelligent in terms of how to protect the company’s information assets,” he said.

The product (www.tivoli.com/security) goes into general release on June 9 and is priced on a per-managed-server basis.

Tivoli in Markham, Ont., can be reached at 1-800-426-2255.