Symantec suite adds more control

A set of management applications designed to help IT executives control their security infrastructure and correlated information is at the centre of Symantec Corp.’s new security strategy.

Titled the Symantec Security Management System, the direction was unveiled at the firm’s Vision 360 conference held in New York last month.

Gail Hamilton, executive vice-president of product delivery and response for Symantec, said this tool would allow Symantec’s event-management and incident-management tools to talk to each other, and even to integrate with non-Symantec tools.

The management system is built on Symantec’s new platform, the Symantec Enterprise Security Architecture (SESA). It is the common foundation on which all future Symantec products will be built. It is based on open standards, and Hamilton said it will allow security tools to run on Microsoft, Linux, AIX, Unix and other platforms.

The prevailing theme of Symantec’s conference branched out from this new architecture as company executives spoke about open management. The security heavyweight said there is an obvious need for a variety of security tools at every level of an IT infrastructure. Companies have embraced antivirus, intrusion detection and firewall products. Symantec contends that the problem is that none of these tools are talking to each other, or being managed effectively.

John Thompson, chairperson and CEO of Symantec, said there are plenty of capable protection tools available today, but security problems still exist, and “all indications are that problems are only going to get worse.” Thompson added that some of the tried-and-true defence concepts need to be applied to the technology security sector.

He said security is going through changes typical of all unfolding technologies. First there is innovation, followed by proliferation and then collaboration. Interoperability is now key, he said, noting that it is at the top of customers’ wish lists.

Don Haile, president and chief information officer of Boston-based Fidelity Investments, said the company buys various point products, which makes integration “difficult, to say the least.”

He added that there is a strong need for security standards, and hopes the industry will focus on the application side of things.

“Help us reduce complexity,” Haile stated. “We don’t have a lot of standards that address the layers of security or interoperability. We need a standard that will be the driver that will pull the tiers together.”

Until integration is a higher priority, Haile said the lack of standards is going to constitute major exposure for enterprises.

Felipe Zarate, vice-president of business development for New York-based Net2s Inc., a technology consulting firm with an arm devoted to security implementations, said the need for this type of openness between products will depend on the implementation. There have been mumbles about interoperability between security products for some time, according to Zarate.

“This is just the same story,” he said. “But coming from a company that has acquired some of the technology Symantec has, it looks like they have the main ingredients. It all depends how they cook them.”

Zarate was referring to Symantec’s July acquisition of Riptech Inc., which provided managed security services and real-time information protection through its Caltarian technology platform. “I think the time is right for consolidation and Symantec has taken some of the best steps to get into this market.”

The key now, Zarate said, will be seeing if Symantec can walk the walk. “They are going to be able to sell this management solution, but can they deliver? There is nobody else with this product today.”

He did predict that other security companies like ISS would not be far behind Symantec in bringing similar management suites to the market.