SSi Service Strategies Inc.

Product Review

eTrust eBusiness Security

Home
Up
Information Request
Product Evaluation
Contact SSi
Glossary of Terms
Search Web
Web Contents
Notices

 

eTrust 20/20 Product Review

eTrust 20/20 Correlates Access Control Information From Physical and IT Systems

Information Security

Hot Pick!

Computer Associates' newest security offering looks like something out of Star Trek. Although the 24th century technology of the U.S.S. Enterprise still has this system beat, Computer Associates' (CA) eTrust 20/20 enables security practitioners to simultaneously identify and track unauthorized users in both the physical and digital realms.

We often hear about the convergence of physical and IT security, but see few applications other than the CSO's office overseeing both functions. What we have seen, though, is the application of IT access control mechanisms in the physical world. Smart cards, biometrics and passwords are used to segment physical plants into controlled security zones, allowing only those with the proper credentials to pass.

What 20/20 does is correlate access control information from the physical and IT systems to identify and track where unauthorized users are accessing computer resources. Here's where 20/20 gets interesting. With that information, the system identifies the user, calls up his digital credentials and plots his movements on a graphical representation of the company's physical plant.

"Corporate security managers don't just need more data. They also need to be able to zero in more effectively on the indicators within massive amounts of existing data to alert them to potential or ongoing problems," says CA president and CEO Sanjay Kumar. "eTrust 20/20 provides this critical capability across both the physical and virtual workplace."

But a video game this ain't. In a large organization with multiple restricted areas, such as a military installation or an urban hospital, 20/20 provides near-instantaneous visual representations of unusual activities. For instance, 20/20 can tell you that Bob in R&D used his smart card to access the secured lab on the 14th floor and then signed on to a Linux terminal.

Likewise, the system can tell you that Alice used her handprint to enter the security operations center (SOC), but then Eve's--not Alice's--network login credentials were used to access a SOC workstation. The system would flag that the two access credentials don't match, and a security admin would deduce that Eve was the actual person in the SOC.

Of course, 20/20 logs all security events and subsequent user activity for forensic analysis. Should Eve then use Alice's smart card to access another restricted area, 20/20 can track and play back her movements throughout the building. Pretty neat. Sound a little Big Brotherish? Maybe. But the system is designed only to key in on anomalous behavior patterns. CA says that normal usage shouldn't trigger an alert.

Granted, 20/20 isn't something you'll see in the average shop. Unless you're a three-letter government agency or a huge multinational with terabytes of proprietary information, this system won't be of much use to you. However, the ability to digitally and geographically track suspicious behavior gives enterprises another layer of defense in protecting their sensitive and confidential data and physical resources.

-Lawrence M. Walsh

 

Service Strategies Inc

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

800-662-1615  678-441-0020

assist@ssimail.com

Copyright © 1998-2003 Service Strategies Inc. All rights reserved.
Revised: September 27, 2004.