Symantec streamlines network security

Save time fighting those pesky viruses...
Written by Robert Lemos, Contributor

Save time fighting those pesky viruses...

Anti-virus firm Symantec has unveiled a package of network-security management tools designed to make it easier and faster for corporate administrators to protect their networks from viruses and other threats. Called the Symantec Security Management System, the package integrates standalone security products into a more-streamlined setup that can be centrally maintained. With the release, Symantec becomes the latest security company to take the streamlining approach. Corporate clients have been looking for ways to reduce the amount of time system administrators need to patch computers and respond to new viruses and worms. Symantec CEO John W Thompson said in a statement: "Customers have told us that the network perimeter is disappearing, their security risks are rising, internal staff resources are slim and regulatory pressures are high." Standalone network-protection products, such as intrusion-detection systems and firewalls, flag any unusual network behaviour as a security 'event'. But the products receive an overwhelming amount of such data, some innocuous and some serious. If a worker accidentally types in the wrong web address, that registers as an event, and an outside scan of the network by an attacker looking for a way in can create hundreds or thousands of events. Enabling these standalone products to communicate helps cut through the mass of information and sort the true threats from the false alarms. And in fact, products that can't be centrally managed may not actually be doing much to help security, according to John Pescatore, research director for internet security at Gartner. The Symantec Security Management System brings together three components: the Event Manager; the Incident Manager; and the Enterprise Security Manager (ESM), software for measuring how well companies comply with their own security policy. The Event Manager consolidates data from Symantec's antivirus and firewall products, as well as other companies' products, and provides a mile-high view of what the network-security systems are encountering. The Incident Manager looks at the events on the company's internal network as reported by a variety of products and correlates related events into "incidents," or potentially serious threats. Companies can track possible security breaches as well as their response to the breaches. The Incident Manager also provides guidance to system administrators based on information from the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University and the SANS (SysAdmin, Audit, Network, Security) Institute, a security research and education organisation made up of government, corporate and academic experts. Finally, the ESM identifies instances in which employees and computers are not complying with a company's security policy. The ESM tracks each case until it is resolved, allowing for high-level oversight of a company's security. Symantec also announced a bevy of partners that will be supporting its new system. Top accounting firms, including Deloitte & Touche, Ernst & Young and PricewaterhouseCoopers, will add the system to the security solutions they may recommend to clients. Product partners include IBM, Qualys, Arbor Networks, Netegrity, RSA Security, Sun Microsystems and Tipping Point. Robert Lemos writes for News.com
Editorial standards