Security vendors fortify defenses

Two vendors have strengthened their efforts to provide agencies with the tools to troubleshoot networks and manage security threats.

Network Associates Technology Inc. this week will unveil its Network Performance Orchestrator (nPO), an integrated platform for monitoring network performance and security across an enterprise.

Meanwhile, Symantec Corp. last week unwrapped the Symantec Security Management System, a set of applications designed to manage the flood of data generated by security devices so administrators can rapidly respond to new attacks and better secure their networks against known threats.

Ensuring network availability and managing security threats are key issues for federal information technology managers as they implement e-government and homeland security initiatives.

Many federal agencies already use security products from Symantec and Network Associates' network management and virus protection wares and, as a result, are expected to have an interest in new tools that can help them better track network and application performance and minimize information security risks, according to industry experts.

"I don't see why [these tools] wouldn't be just as good for the federal market" as the private sector, said Eric Hemmendinger, an analyst with the Aberdeen Group, a Boston-based consulting firm.

IT administrators will be able to manage several distinct areas from a centralized console with Network Associates' nPO, he said. The product approaches "management from three different perspectives: network management, security management and application management."

With nPO, Network Associates is building on its Sniffer enterprise management architecture, the company's popular technology for monitoring and analyzing network problems, to provide a central management platform for an agency's entire network.

The first phase of nPO lays the foundation for future enhancements planned for next year that build on security and application management, said Christopher Thompson, vice president of marketing for Network Associates' Sniffer Technologies.

The product consists of nPO Manager and nPO Visualizer. NPO Manager is a turnkey system that allows IT administrators to manage their networks from a centralized point anywhere in the world. Via a standard Web browser, an IT manager can monitor, manage and connect to multiple Sniffer appliances to provide centralized authentication, configuration, and resource and alarm management.

At the same time, nPO Manager can work with other vendors' management and security applications. For instance, the product now provides anomaly- detection reports, distributes filters to thwart attacks and consolidates security alarms, but will offer more comprehensive intrusion detection when it is integrated with products from Internet Security Systems next year.

NPO offers modules for voice-over-IP management, mobile management, intrusion prevention, application monitoring and expert analysis.

The nPO Visualizer is an appliance that lets IT administrators produce more than 40 reports on network performance issues such as bandwidth utilization, global statistics, top alarms and usage trends — all via a standard Web browser.

Symantec's solution is focused solely on security rather than network management. But it is designed to solve a big problem: helping IT managers filter and prioritize the huge volume of security events — messages on suspicious activities generated by security devices — that they must deal with daily.

The key components of the Symantec Security Management System are Event Manager, Incident Manager and Enterprise Systems Manager 5.5 for policy compliance, said Craig Rode, senior director of product management at the company.

IT staff are overwhelmed by the amount of security data from firewalls and intrusion-detection systems, Rode said. "Today, security is stovepiped so you can't always pull information together."

To that end, Symantec has introduced the Symantec Event Manager for Anti-Virus and Symantec Event Manager for Firewalls, which consolidate data from Symantec's and other vendors' solutions. Company officials expect to release additional event collectors in December.

***

What's new From Network Associates Technology Inc.:

* nPO Manager — For managing networks from a central location via a Web browser.

* nPO Visualizer — For producing more than 40 kinds of reports on network performance issues.

From Symantec Corp.:

* Event Manager — For collecting data from Symantec's and other vendors' products for antivirus and firewall management.

* Incident Manager — For analyzing and correlating events to identify security problems

. * Enterprise Systems Manager 5.5 — For monitoring policy compliance.