Pulling It All Together: Layer Integration

By John Moore

As attacks on enterprise systems grow more sophisticated and diverse, companies need to rethink their defense strategies. In this special report, experts offer new and better ways to protect vital information resources.

The existence of myriad layers in the typical I.T. security strategy begs the question: Can they interact? The various security technologies have mostly acted in isolation over the years and continue to do so to a considerable degree, say I.T. managers and consultants.

"The struggle is being able to integrate and manage all those technologies as a unified defense as opposed to so many different point solutions in the enterprise," says Bell ICT's Moss.

Integration can be found within layers. At the perimeter, unified threat management appliances fill that role, combining firewall and intrusion prevention, among other functions. Consolidation also occurs at the host layer. Security suites from vendors such as McAfee and Symantec combine functions including antivirus, anti-spyware and identity protection.

Integration is trickier when using multiple vendors. While vendors have begun to build connections between their security offerings, customers still bump into limitations.

Take the case of Booz Allen Hamilton, a strategy and technology consulting firm based in McLean, Va. For vulnerability assessment, the firm uses nCircle Network Security's IP360, which has integration hooks into other products. Stan Kiyota, Booz Allen information security manager, says nCircle integrates with Remedy's help-desk system to smooth the job of addressing vulnerabilities once they surface. The linkage lets trouble tickets generated in nCircle flow into Remedy.

But there's a problem: "We don't use the help-desk software they [nCircle] happen to be partnered with," Kiyota says.

A class of technology called security information and event management software, or SIEM, promises to provide more coordination among security layers. These systems pull together security log data culled from a range of I.T. security systems and make it available for identifying patterns.

Randy Barr, chief security officer at WebEx Communications, went to KlioSoft of Concord, Calif., for a SIEM tool to pull information from the event logs of its various devices to assess intrusion attempts and other security-related incidents. Those devices and systems include routers, firewalls, intrusion detection systems and content monitoring systems.

Minnesota CISO Buse also sees value in SIEM systems. The technology's correlation feature sifts through thousands of events to identify "a handful of things that are actually relevant," he says.

In some instances, the correlation job is assigned to an outside party. Darryl Lemecha, CIO at data broker ChoicePoint, says the company provides data from a vulnerability assessment, intrusion detection and patch management to a managed security services provider that analyzes the data.

Data correlation can bring insight into whether servers are properly patched to withstand a specific attack, as indicated by the intrusion detection system. Armed with this information, Lemecha says, ChoicePoint can choose to ignore some situations (cases in which the company has the patches in place to fend off the detected attack) and focus on those that are potentially more damaging.
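The kind of correlation Lemecha describes can be sketched in a few lines; this is an added example, not code from the article or from any vendor named in it. The alert format, host addresses, vulnerability IDs and record layouts are all constructed assumptions. A scan finding overrides a patch record, and a host with no patch data is escalated rather than ignored.

```python
from collections import namedtuple

# Constructed sample data: addresses and vulnerability IDs are placeholders.
IDS_ALERTS = """\
2007-05-01T10:02:11 dst=192.0.2.5 sig=VULN-A
2007-05-01T10:02:40 dst=192.0.2.6 sig=VULN-A
2007-05-01T10:03:05 dst=192.0.2.7 sig=VULN-B
2007-05-01T10:04:19 dst=192.0.2.9 sig=VULN-A
"""
# Patch management: host -> vulnerability IDs whose patch is recorded as installed
PATCHED = {"192.0.2.5": {"VULN-A", "VULN-B"},
           "192.0.2.6": {"VULN-B"},
           "192.0.2.7": {"VULN-B"}}
# Vulnerability assessment: host -> vulnerability IDs the last scan found exposed
SCAN_FINDINGS = {"192.0.2.6": {"VULN-A"}}

Triage = namedtuple("Triage", "time host vuln verdict reason")

def parse_alert(line):
    """Split 'timestamp key=value ...' into (timestamp, target host, vuln ID)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv["dst"], kv["sig"]

def correlate(alert_text, patched, findings):
    """Join IDS alerts with patch and scan data; return escalations first."""
    results = []
    for line in alert_text.splitlines():
        if not line.strip():
            continue
        ts, host, vuln = parse_alert(line)
        if vuln in findings.get(host, set()):
            # Scan evidence wins even if a patch record claims otherwise.
            verdict, reason = "escalate", "scan confirms host is exposed"
        elif host not in patched:
            verdict, reason = "escalate", "no patch data for host"
        elif vuln in patched[host]:
            verdict, reason = "deprioritize", "patch in place"
        else:
            verdict, reason = "escalate", "patch not recorded"
        results.append(Triage(ts, host, vuln, verdict, reason))
    order = {"escalate": 0, "deprioritize": 1}
    return sorted(results, key=lambda r: (order[r.verdict], r.time))

if __name__ == "__main__":
    for r in correlate(IDS_ALERTS, PATCHED, SCAN_FINDINGS):
        print(f"{r.verdict:12} {r.host:10} {r.vuln:7} {r.reason}")
```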

This article was originally published on 2007-05-14
John writes the Contract Watch column and his own column for the Channel Insider.

John has covered the information-technology industry for 15 years, focusing on government issues, systems integrators, resellers and channel activities. Prior to working with Channel Insider, he was an editor at Smart Partner, and a department editor at Federal Computer Week, a newspaper covering federal information technology. At Federal Computer Week, John covered federal contractors and compiled the publication's annual ranking of the market's top 25 integrators. John also was a senior editor in the Washington, D.C., bureau of Computer Systems News.
