A layered approach to security can produce information overload headaches. As configured out of the box, many security products generate a number of alerts that can be “a little overwhelming,” Zasada observes. And with many different products, security staff could be looking at 10 or 20 different screens, says Casale.
“IT managers are focusing more and more on getting end-to-end visibility,” says Karthik Krishnan, senior product manager in the Security Products Group at Juniper Networks, Inc., of Sunnyvale, Calif.
One route to this unified view is a suite of security tools from a single vendor, designed to work with a single management console. That may work if you’re starting from scratch, Wolynski says, but many organizations already have not only security tools from different vendors but network equipment that has its own security capabilities built in, and they need to integrate it all.
In that case, the more realistic option is something that can correlate data from multiple vendors’ security products.
Intellitactics Security Manager is one example. “We transform millions of events into a fewer number of alerts,” Casale claims. “We’re literally finding the needle in the haystack for the security analyst.”
Major network infrastructure vendors Cisco and Juniper have each taken their own approach to this. Cisco touts the concept of the “self-defending network” with security provisions built into network hardware. Its Monitoring, Analysis and Response System (MARS) pulls together information from multiple devices. MARS works with many third-party products as well as Cisco’s own equipment, Berlin says.
Cisco’s Network Admission Control (NAC) framework also works with other vendors’ products, says Brendan McConnell, product manager for the NAC appliance. NAC can translate information from some 300 products made by about 50 vendors into access policies, he says. The switches and routers as well as the access server, though, must come from Cisco.
In November, Juniper launched Unified Access Control, which adheres to the non-profit Trusted Computing Group’s Trusted Network Connect standard. That means you can plug in any vendor’s products as long as they conform to the Trusted Network Connect standard, Krishnan says.
But Zasada offers a reality check on integrated security tools. They usually require a dedicated desktop computer and a lot of configuration work to get the desired results, he says. “The amount of time needed to set them up, and the resources, is quite large.”
And while integration is improving, there’s no one dashboard that handles everything. Vendors recognize the need but commercial interests get in the way, says Tom Slodichak, chief security officer at security consultants WhiteHat Inc. in Burlington, Ont.