eTrust Security Command Center Questions
eTrust Security Command Center FAQs
eTrust Security Command Center addresses “security information overload.” It
reduces, aggregates, correlates and prioritizes disparate security data from
multiple security devices and software applications across an enterprise,
converting it into intelligent, actionable information that can be managed from
a single, centralized location.
What is the fundamental business problem that eTrust Security Command Center is designed to solve?
Customers have been suffering from security
information overload, a deluge of data from security devices across their
enterprise. Firewalls, VPNs, antivirus software, intrusion detection systems
and other security devices each produce vast quantities of information that
are difficult — if not impossible — to fully exploit and use. This situation
has gotten so bad that the vital security “signal” is often lost in a sea of
security “noise,” making it nearly impossible for the IT and security staff to
fully understand the entire security theater.
How does eTrust Security Command Center address “security information overload”?
eTrust Security Command Center addresses “security information overload” by
turning the overwhelming flood of security events and incidents into
intelligent, actionable information. eTrust Security Command Center enables
enterprises to reduce, aggregate, correlate and prioritize security data from
both CA and non-CA security technologies. Without an open connection between
these disparate systems and without intelligent correlation of the data, an
organization's security vision is incomplete and lacks the controls and
management capabilities needed to respond to situations that could compromise
critical business processes and assets, and to enable daily business
operations. eTrust Security Command Center brings the entire security theater
to a single, web-based portal, improving incident response times and reducing
exposure to new, emerging threats. It then allows enterprises to manage
security through automation, and enables users to build real security state
models. In addition, organizations can build customized, role-based views for
critical employees, as well as map security operations to an overall corporate
policy. Most importantly, organizations can integrate security management with
vital business processes, protecting critical business assets and enabling
swift, more efficient disaster recovery. The open, standardized approach of
eTrust Security Command Center provides organizations with real-time
operational and situational security awareness, allowing them to tie their
policies, actions and knowledge into existing business processes.
What are the distinctive functionalities of eTrust Security Command Center?
Real-Time Operational and Situational Awareness.
eTrust Security Command Center allows you to employ role-based views and build
security state models. In addition, you can immediately drill down to
determine the type, source and location of threats.
Reduction in “Signal-to-Noise Ratio.”
eTrust Security Command Center eliminates clutter by enabling administrators
to easily identify which critical events they should keep and process.
Likewise, administrators can pinpoint those events that are of little or no
use — which they can direct to lower priority collectors or alternatively
discard.
Open and Extensible Design.
eTrust Security Command Center supports rapidly evolving technology through
its open and extensible design, which accepts event data submitted by many
systems, applications and appliances through its direct and indirect (Submit
API, Generic Log Scraper and SNMP) recorders and integration kits.
Centralized Alert Management.
Critical events can be filtered, logged and sent to a security monitor,
allowing security personnel to be notified of crucial events in real time.
Responses can be automated via emails, pagers, beepers and so on.
Predefined Correlation Rules and Policies.
Using both predefined and custom-tailored rules, you can highlight critical
information and map this information to real business priorities, enabling
swift remediation and problem solving.
Central Audit Log Data Repository.
Using the capabilities of eTrust Audit, you can collect audit log data from a
variety of sources and store it in a central repository, which is built around
a relational database for easy access, viewing and reporting for historical
and forensic analysis.
Powerful Reporting Capability.
Detailed reporting for trend analysis, as well as for management and
regulatory compliance initiatives, comes bundled with numerous reporting and
graph functions. Reports can be generated in multiple formats, including
HTML/XML for easy web viewing and dissemination.
Automated Trouble-Ticketing System.
Allows you to open or update issues in response to an event being received
through Unicenter® integration.
Web-Based Interface Based on Portal Technology.
eTrust Security Command Center combines all web-based resources in the same
workspaces and creates user-defined, role-based views — helping to ensure
secure access anywhere and at anytime.
Integration With eTrust Solutions and Third-Party Products.
Allows you to collect, reduce, normalize and correlate security-related events
from numerous third-party products across multiple machines and domains.
Integration With CA’s Unicenter® and Third-Party Enterprise Management Systems.
The deployment of eTrust Security Command Center within a Network Operations
Center will greatly improve an operation’s security posture, offering richer,
more valuable security information to enhance the management of enterprise
health and performance, help ensure functionality of vital business processes
and improve availability of the right information to the right users.
What value will eTrust Security Command Center provide to a typical enterprise that already has multiple security tools deployed?
eTrust Security Command Center can help enterprises to:
Gain full command and control of their entire enterprise security environment with a centralized, web-based portal.
Manage security information overload with powerful, advanced correlation tools that allow users to integrate log information from third-party security technologies, and therefore prioritize, pinpoint and effectively respond to important security incidents.
Reduce the cost and complexity of event management by automatically addressing many security events without administrator intervention.
Improve overall security posture by reducing exposures to serious incidents.
How does eTrust Security Command Center collect data?
eTrust Security Command Center uses the superior data collection and
consolidation capabilities of eTrust Audit to gather information from a wide
variety of data sources, including various operating systems, applications,
appliances, and both CA and non-CA technologies. As a component of eTrust
Security Command Center, eTrust Audit collects information in multiple ways,
including:
eTrust Audit System Recorders and iRecorders — a direct means of collecting event messages created by a given operating system, application or appliance
eTrust Audit Generic Recorder — a collection tool that harvests application logs maintained as flat files
eTrust Audit Custom Recorder (Submit Application Programming Interface [Submit API]) — by programming with eTrust Audit Submit API function calls, applications can send complete, detailed messages to eTrust Audit, allowing the product to perform more granular and more intelligent analysis of the collected data.
eTrust Audit SNMP Trap Recorder — you can configure any application, system or appliance that can issue SNMP traps to send those traps to a machine where the eTrust Audit SNMP Trap Recorder is running, which in turn directs that information to eTrust Audit
eTrust World Agents — eTrust Security Command Center employs unique status monitoring agents that track vital system and application messages, and report them to eTrust Security Command Center. The data from this polling is interpreted before presentation to an analyst or monitor, allowing users to view states for systems, applications and processes that are relevant to them.
How does eTrust Security Command Center scale to accommodate a range of site sizes?
The flexible architecture of eTrust Security Command Center allows it to scale
implementations from the needs of small companies to large enterprises. Using
the store-and-forward mechanism provided by eTrust Audit, you can build
hierarchies to route auditing events from a vast number of clients. The
flexible filtering capabilities reduce the number of collected event messages
by filtering out unimportant events, or “noise.” Events can be saved in the
database on each level of the hierarchy, allowing distributed databases. The
GUI tools provide a means to view, filter and analyze events from several
databases. Additionally, the distributed architecture of eTrust Security
Command Center allows you to exploit multiple CPUs from a large number of
computers.
What is the value-add of eTrust Security Command Center to Unicenter® customers?
eTrust Security Command Center acts as a security view within Unicenter,
enabling users to monitor critical security events in real time. eTrust
Security Command Center collects and manages virtually all security-related
information and seamlessly feeds only the most critical security event
information to Unicenter. One of the goals of eTrust Security Command Center is
to provide a focused security management tool that seamlessly integrates with
existing network event management systems, whether deployed alongside those
systems or separately. In addition, it enables Unicenter to put IT events in a
security context.
What is the difference between eTrust Security Command Center and eTrust Audit?
eTrust Audit is a security monitoring solution, while eTrust Security Command
Center is a security management solution. eTrust Audit is a strategic product
on its own, but as a core component of eTrust Security Command Center, it is
responsible for data collection, consolidation and reduction. eTrust Audit
provides filtered information from various CA and non-CA technologies to eTrust
Security Command Center for further handling, including event correlation and
prioritization of disparate security data across the enterprise. It then
converts this data into intelligent, actionable information and stores it in a
centralized, web-based portal.