This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
For example, the SIM can correlate security events from a UNIX system with the physical access system and detect when a user has left the physical premises but tries to log in to the UNIX system console within the data center. Similarly, the SIM can correlate events from Microsoft Windows and the physical access system to spot when a user has physically entered the Los Angeles campus but authenticated to Active Directory via a workstation in Chicago.
SIM vendors include ArcSight, CA, IBM, Novell and EMC's RSA. Some SIM products are directly aimed at providing physical security event correlation. For example, 3VR's suite of products works by recording events to a digital video recorder (DVR) and indexing the events--which makes them searchable--from the local console or another SIM product.
Let's take the previous example to the next "logical" step: Is it possible to stop the user from authenticating via the workstation in Chicago when we know that he "badged" into the Los Angeles office? That's the goal of PL contextual authorization. For example, Imprivata's OneSign product is capable of denying access to Active Directory and other IT platforms based upon whether the user has badged into the building.
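The correlation and the deny decision described above can be sketched together. This is an added example, not code from the article or from any vendor named in it; the event layout, user names, timestamps and function names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; the field layout is an assumption, not a product's log format.
# Badge events: (timestamp, user, site, direction)
BADGE_EVENTS = [
    ("2007-09-04T08:02:00", "alice", "LosAngeles", "in"),
    ("2007-09-04T08:15:00", "bob", "Chicago", "in"),
    ("2007-09-04T17:30:00", "bob", "Chicago", "out"),
]
# Login events: (timestamp, user, site of the terminal, source)
LOGIN_EVENTS = [
    ("2007-09-04T09:10:00", "alice", "Chicago", "workstation"),
    ("2007-09-04T09:20:00", "alice", "LosAngeles", "workstation"),
    ("2007-09-04T18:05:00", "bob", "Chicago", "console"),
    ("2007-09-04T10:00:00", "bob", "Chicago", "console"),
]

def parse_ts(value):
    return datetime.fromisoformat(value)

def presence(user, when, badge_events=BADGE_EVENTS):
    """Return the site the user is badged into at `when`, or None if off premises."""
    site = None
    for ts, who, where, direction in sorted(badge_events, key=lambda e: parse_ts(e[0])):
        if who != user or parse_ts(ts) > when:
            continue
        site = where if direction == "in" else None
    return site

def authorize(login, badge_events=BADGE_EVENTS):
    """Contextual authorization for one login attempt: (allowed, reason)."""
    ts, user, site, source = login
    here = presence(user, parse_ts(ts), badge_events)
    if here is None:
        return False, f"{user} is not badged into any site ({source} in {site})"
    if here != site:
        return False, f"{user} badged into {here} but {source} is in {site}"
    return True, "physical presence matches login location"

def correlate(logins=LOGIN_EVENTS, badge_events=BADGE_EVENTS):
    """SIM-style pass: alerts for logins that contradict the badge state."""
    alerts = []
    for login in sorted(logins, key=lambda e: parse_ts(e[0])):
        allowed, reason = authorize(login, badge_events)
        if not allowed:
            alerts.append((login[0], login[1], reason))
    return alerts

if __name__ == "__main__":
    for alert in correlate():
        print(*alert, sep=" | ")
```

Run in detection mode, `correlate()` only raises alerts; calling `authorize()` inline at login time is the contextual-authorization case. A real deployment also has to decide how to treat stale badge state, such as a user who left without badging out.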
What's Against This Union?
One major impediment to the success of PL convergence is the typical separation of the two departments responsible for physical and IT security. It's not an easy fix, as physical
In addition to organizational challenges, there are physical problems to overcome.
Due to acquisitions and other factors, most large organizations have a patchwork of physical access systems at varying stages of maturity. For instance, an organization with thousands of locations may have physical access technology ranging from centuries-old lock-and-key systems to swipe-style (think credit card) to contactless systems. There are two dimensions to this patchwork problem. First, some of these physical systems lack the required interface to connect to IT systems, which precludes them from participating in PL convergence. Second, the multiplicity of different physical access systems generally prevents the use of a single authenticator for users who move between locations.
This was first published in September 2007