Security management vendors next week will unveil products to help security managers enforce compliance policies across their networks.
Security information management (SIM) vendor OpenService Inc. will ship a new version of its flagship software, Security Threat Manager (STM) 3.5, as well as an add-on software application to specifically help companies better handle compliance reporting. The two applications are integrated and can help IT managers detect potential security breaches as well as possible compliance issues in real-time, the company says.
OpenService's Security Log Manager (SLM) 3.5 will alert security managers to an event that may cause noncompliance with pre-defined Sarbanes-Oxley policies, for example. The software, which works in concert with STM 3.5, also includes report templates to help IT managers show auditors the controls they have in place for compliance, the company says.
SIM software automates the collection of event log data from security devices, helping users make sense of it through a common management console. The products use data-aggregation and event-correlation features similar to those found in network management software, and apply them to event logs generated by firewalls, proxy servers, intrusion-detection systems (IDS) and anti-virus software.
STM 3.5 uses server software and gathers information from security devices using various collection mechanisms. SLM 3.5 taps into the same data collected by STM.
"STM filters out certain events to lighten its load, but SLM, from a compliance and forensics perspective, deals with a much larger volume of data," says Phil Hollows, vice president of security products at OpenService. "Instead of viewing log data later, the software should give IT managers a jumpstart on a compliance issue because the risk of having an unknown but notify-able event in their logs is reduced."
While SIM software may disregard an event that doesn't pose a security threat to an organization, OpenService's SLM 3.5 would save all events and log data for the purposes of compliance reporting.
Adam Hansen, security manager for Sonnenschein, Nath & Rosenthal, a law firm in Chicago, uses STM 3.2 and may upgrade his system in the fall. He has sneaked a peek at SLM 3.5 and says the software could help automate compliance processes already in place at enterprise companies. He warns that products cannot make a company compliant, but they can help IT staff collect compliance data and enforce the compliance policies already in place.
"For Sarbox, you're required to certify authenticity of financial records, who has access to them, who should and who shouldn't (access them) and if you have the underlying infrastructure in place to identify that, then you should be able to report on that," he says.
"But the problem is now that, on a large scale, people can't do that. They need software to automate the manual data collection and reporting tasks. If you understand what you are trying to do and have the processes in place, then you can use vendor products to help automate when the requirements exceed what staff can get done," Hansen adds.
Available now, STM 3.5 starts around US$50,000. SLM pricing is additional and depends on customer networks.
SIM vendor ArcSight Inc., which already offers Sarbanes-Oxley reporting in its flagship software Enterprise Security Management (ESM) 3.0 and add-on application ArcSight Reporting System, next week will unveil ArcSight ESM Healthcare Edition.
ArcSight software runs on several server platforms, including Microsoft Windows, Sun Solaris and IBM Corp.'s AIX. It has a management console that presents status reports based on data it collects from multiple vendor intrusion-detection systems, firewalls, routers, switches, servers and other vendor management consoles. The software stores the data it collects in an Oracle database or IBM DB2 Enterprise Edition.
ArcSight ESM Healthcare Edition allows healthcare providers to streamline security management practices. Using risk management, systems review, monitoring, and incident response technologies, the software combines security management, reporting and workflow capabilities with healthcare providers' and insurance industries' specific regulatory and security requirements, the company says.