Information Security Magazine
SIMs maturing and suitable for mid-market
Issue: Jun 2007

More Precise Active Threat Response
Active threat response is a dangerous way to deal with security alert information. When active response is in play, the SIM actively modifies the behavior of the network in response to some identified security threat. The experience of managers who have been burned by this technology has led many to shy away from the idea of a robot wandering about their network, shutting off switch ports and adding rules to firewalls. But this hasn't kept vendors from developing active response toolkits.

One of the early entrants in the advanced toolkit space was Cisco with its Security Monitoring, Analysis and Response System (MARS) appliance. Rather than assume that all networks have a single firewall at the edge where all active responses go, MARS learns network topology and uses that information to focus any remediation as close to the source of the problem as possible.

Cisco had been the only vendor offering active response capabilities, with MARS, but now other vendors also provide the technology with their SIMs. ArcSight released Threat Response Manager, based on technology it acquired from ENIRA Technologies in 2006. The idea behind Threat Response Manager is that network configuration information, gathered from existing devices, is the most effective source of knowledge about network topology. Using configuration information and its own expert system, Threat Response Manager is designed to determine the most effective and least disruptive way to remediate a threat. However, threat remediation can cause a self-inflicted denial of service (DoS)--a problem ArcSight is quick to acknowledge. Executives at the company said one of the key goals for Threat Response Manager is giving security and network management staff the tools to follow written procedures--in effect, to respond to threats based on policy rather than by shooting from the hip.
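The decision logic the preceding paragraphs describe (pick the enforcement point closest to the source, prefer the least disruptive action, refuse an action that would cause a self-inflicted DoS, and drive all of it from a written policy) is shown below as an added Python illustration. It is not code from the article, from Cisco, or from ArcSight; the topology table, alert fields, policy table and action names are constructed for this example and do not correspond to any MARS or Threat Response Manager data structure.

```python
"""Policy-driven active response decision engine (added illustration).

Everything here is an assumption for the example: the learned topology,
the alert format and the policy table are invented, not vendor formats.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    src_ip: str
    dst_ip: str
    category: str      # e.g. "worm" or "port_scan", as labelled by the SIM
    confidence: int    # 0-100 score from the correlation engine


@dataclass
class Decision:
    action: str        # shutdown_port | firewall_block | notify | log_only
    device: str        # enforcement device, or "-" when nothing is changed
    target: str        # switch port or IP prefix the action applies to
    reason: str


# Constructed topology, as a SIM might learn it from device configurations:
# each host sits on a known switch port; each switch has an upstream firewall.
TOPOLOGY = {
    "hosts": {
        "10.1.1.25": {"switch": "sw-floor3", "port": "Gi1/0/12", "role": "workstation"},
        "10.1.1.30": {"switch": "sw-floor3", "port": "Gi1/0/18", "role": "workstation"},
        "10.2.0.5":  {"switch": "sw-dc1",    "port": "Gi1/0/1",  "role": "dns"},
    },
    "switches": {
        "sw-floor3": {"uplink_fw": "fw-edge", "critical_ports": set()},
        "sw-dc1":    {"uplink_fw": "fw-dc",   "critical_ports": {"Gi1/0/1"}},
    },
}

# Written policy: which alert categories may trigger automation, at what
# confidence, and the permitted actions ordered from closest-to-source to
# furthest upstream. Anything not listed is logged only.
POLICY = {
    "worm":      {"min_confidence": 80, "actions": ["shutdown_port", "firewall_block"]},
    "port_scan": {"min_confidence": 60, "actions": ["firewall_block"]},
}

# Roles that must never be isolated automatically (self-inflicted DoS guard).
CRITICAL_ROLES = {"dns", "dhcp", "domain_controller"}


def _would_self_dos(action: str, host: dict, topology: dict) -> Optional[str]:
    """Return why an action is vetoed, or None if it is safe to automate."""
    if host["role"] in CRITICAL_ROLES:
        return f"host role '{host['role']}' is critical"
    switch = topology["switches"][host["switch"]]
    if action == "shutdown_port" and host["port"] in switch["critical_ports"]:
        return f"port {host['port']} on {host['switch']} is marked critical"
    return None


def decide(alert: Alert, topology: dict = TOPOLOGY, policy: dict = POLICY) -> Decision:
    """Choose the least disruptive permitted action nearest the alert source."""
    rule = policy.get(alert.category)
    if rule is None or alert.confidence < rule["min_confidence"]:
        return Decision("log_only", "-", alert.src_ip,
                        "no policy match or confidence below threshold")

    host = topology["hosts"].get(alert.src_ip)
    if host is None:
        # Without topology we cannot localize the change; hand it to a human.
        return Decision("notify", "-", alert.src_ip,
                        "source not in learned topology; cannot localize remediation")

    vetoed = []
    for action in rule["actions"]:
        reason = _would_self_dos(action, host, topology)
        if reason:
            vetoed.append(f"{action}: {reason}")
            continue
        if action == "shutdown_port":
            return Decision("shutdown_port", host["switch"], host["port"],
                            "closest enforcement point to the source")
        if action == "firewall_block":
            fw = topology["switches"][host["switch"]]["uplink_fw"]
            return Decision("firewall_block", fw, f"{alert.src_ip}/32",
                            "blocking at the nearest upstream firewall")

    # Every automated action was vetoed: escalate rather than act blindly.
    return Decision("notify", "-", alert.src_ip,
                    "all automated actions vetoed: " + "; ".join(vetoed))


if __name__ == "__main__":
    samples = [
        Alert("10.1.1.25", "10.1.1.30", "worm", 95),       # workstation: port shutdown
        Alert("10.2.0.5", "10.1.1.30", "worm", 95),        # DNS server: escalate only
        Alert("10.1.1.30", "10.2.0.5", "port_scan", 70),   # firewall block upstream
        Alert("10.1.1.25", "10.1.1.30", "worm", 50),       # below threshold: log
    ]
    for a in samples:
        print(a.src_ip, a.category, "->", decide(a))
```

The guard in `_would_self_dos` is the point of the example: the engine never shuts a port or installs a block for a host whose role or port is marked critical, which is the concrete form of ArcSight's "least disruptive" goal and of the self-inflicted DoS concern the text raises. Swapping `POLICY` for an organization's own written procedures is what turns the tool into "respond by policy rather than from the hip".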

Threat response isn't just a high-end feature; TriGeo has been touting its security policy compliance capabilities very heavily in a Windows-centric way. Not content to remediate threats using only network devices, TriGeo's remediation tools include a Windows agent that can start and stop processes, block different types of network connections, and enforce policies on USB peripherals.
