CA touts security alert management

Computer Associates (CA) has released two products under its eTrust brand, aimed at making it easier for companies to manage IT security and respond quickly to new threats.

Security Command Center (SCC) is an browser-based enterprise security system that allows companies to pull information from technologies such as firewalls and intrusion detection systems.

The vendor argues that, far from deploying more security products, companies need to improve the way they manage such software to protect corporate integrity.

SCC correlates the flood of alerts that a company receives every day, allowing security managers to determine which are priorities and what machines are affected.

Russ Artzt, executive vice president of eTrust security solutions at CA, said: "When you are dealing with over one million security events a day you want a tool that makes some sense of it. SCC takes raw data and turns it into information that can be used."

The second product, Vulnerability Manager, analyses a machine or system and rates its vulnerability automatically.

CA has 20 people conducting research everyday on threats. Its database of some 6,000 vulnerabilities lists what they are, what they affect and how to close the hole.

Vulnerability Manager can be fully integrated with SCC.

Simon Perry, divisional vice president for security strategy at CA, said: "Companies are trying to figure out which patches apply to them and their level of priority.

"This software scans a system, finds out what you are running and tells you what vulnerabilities you have."

Early customers of SCC include the Federal Aviation Authority (FAA), which manages 35,000 flights a day and runs a diverse, distributed network.

Michael Brown, director of information systems security at the FAA, explained that the challenge is to address the rising number of attacks which spread faster then ever.

"We have to rely on technology because we can't hire enough people to manage vulnerabilities," he said.

Jon Collins, senior analyst at Quocirca, indicated that SCC had the potential to simplify security management.

"It will bring to security what Unicenter did for enterprise management," he explained. "It will make it possible to do more with less people."

The products are CA's key security releases for 2003, although the vendor's anti-spam software, which began beta tests recently, will ship later in the year.

CA also announced a global alliance to integrate its BrightStor application with Sony's PetaSite and StorStation storage systems.

As part of the agreement, the companies will combine Sony's write once/read many capabilities with ArcServe.