The Symantec Security Management System brings together three components: the Event Manager; the Incident Manager; and the Enterprise Security Manager (ESM), software for measuring how well companies comply with their own security policy. The Event Manager consolidates data from Symantec's antivirus and firewall products, as well as other companies' products, and provides a mile-high view of what the network-security systems are encountering. The Incident Manager looks at the events on the company's internal network as reported by a variety of products and correlates related events into "incidents," or potentially serious threats. Companies can track possible security breaches as well as their response to the breaches. The Incident Manager also provides guidance to system administrators based on information from the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University and the SANS (SysAdmin, Audit, Network, Security) Institute, a security research and education organisation made up of government, corporate and academic experts. Finally, the ESM identifies instances in which employees and computers are not complying with a company's security policy. The ESM tracks each case until it is resolved, allowing for high-level oversight of a company's security. Symantec also announced a bevy of partners that will be supporting its new system. Top accounting firms, including Deloitte & Touche, Ernst & Young and PricewaterhouseCoopers, will add the system to the security solutions they may recommend to clients. Product partners include IBM, Qualys, Arbor Networks, Netegrity, RSA Security, Sun Microsystems and Tipping Point. But although Symantec and others have embraced the streamlining approach, some companies argue that the new integrated systems themselves require management by an expert third party. "When you buy a piece of security technology, you don't get any guarantees or warranties," said Maria Cirino, chief executive of managed security service provider Guardent. Companies such as Guardent compete in many ways with firms like Symantec that provide do-it-yourself solutions. But in other cases they compliment each other, with one company providing the network hardware and software and the other managing the whole shebang. With 15 of the Fortune 50 using her company's services, Guardent's Cirino argues that simplifying systems is a good first step, but that properly managed security should be the goal.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
