Cyber Security Institute

Tuesday, August 22, 2006

Standard Could Unify Security Apps

You’ve got anywhere from six to 60 security applications and tools in your data center, and most of them work pretty well. There’s just one problem: None of them speak the same language. ArcSight attacked that problem by proposing a new log management standard, the Common Event Format, that could enable security devices and applications to present and exchange event data in a common way.

Security managers have been frustrated by the proliferation of “point products” in their environments, which generate a ton of data but offer no method to filter or correlate it to find the root cause of a violation. Security information management (SIM) tools offer a possible solution, but each has its own proprietary means of collecting and presenting security data.

“What the CEF offers is a standard way to normalize the data from the different devices and tools so that it can be analyzed,” says Steve Sommer, senior vice president of marketing and business development at ArcSight.

If it’s adopted across the industry, the CEF could play a role similar to SNMP, the IETF standard that unified network and systems management tools a decade ago. So far, however, the vendors that have announced support for CEF are those that were already ArcSight partners: AirTight Networks, CipherOptics, DeepNines, Intrusic, Reconnex, Vericept, and Vontu. Sommer says ArcSight is negotiating with “a multi-billion dollar competitor” in the SIM market, which is considering adopting the standard. He would not disclose the name of the vendor, but three of the multibillion-dollar vendors that make SIM tools are Cisco, Computer Associates, and Symantec. Even when a forum is selected, it will probably take six to 12 months to get on the agenda of the standards bodies, Sommer observes.
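To show what normalizing data from different devices looks like in practice, here is an added example (not from the article or from ArcSight) that parses records in the CEF layout as later published, a pipe-delimited header followed by key=value extensions, and groups events from two products by source address. The field names in `HEADER`, the vendor and product names and the sample records are all constructed for illustration.

```python
import re
from collections import defaultdict

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?<!\S)(\w+)=")   # extension key at start or after whitespace
_ESC = re.compile(r"\\(.)")           # backslash escape inside an extension value

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields and the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2   # \| and \\ are literal characters
        elif body[i] == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    if len(fields) == 6:                      # record ended without an extension
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("incomplete CEF header")
    return fields, body[i:]

def _parse_extension(ext):
    """Parse 'k=v k2=v with spaces' pairs; values may hold spaces and escapes."""
    out, keys = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].rstrip()
        out[m.group(1)] = _ESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(line):
    """Return one normalized event dict from a CEF record (syslog prefix allowed)."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker")
    fields, ext = _split_header(line[start + 4:])
    return {**dict(zip(HEADER, fields)), "ext": _parse_extension(ext)}

def correlate_by_src(lines):
    """Group (product, event name) pairs from any device under the same source."""
    by_src = defaultdict(list)
    for ev in map(parse_cef, lines):
        by_src[ev["ext"].get("src", "unknown")].append((ev["device_product"], ev["name"]))
    return dict(by_src)

SAMPLES = [  # constructed records from two hypothetical products
    r"Aug 22 10:01:07 fw01 CEF:0|ExampleFW|EdgeWall|1.0|100|Blocked \| dropped|7|src=10.0.0.5 dst=192.0.2.10 msg=policy deny rule\=12",
    r"CEF:0|ExampleDLP|LeakWatch|2.3|DLP-9|File upload flagged|4|src=10.0.0.5 fname=q3 forecast.xls",
]
```

Because both records land in the same schema, `correlate_by_src(SAMPLES)` ties the firewall block and the data-leak alert to one host without any per-vendor parsing logic.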

Posted on 08/22