eTrust Security Command Center
Displays Security Activity Graphically

Product Review
Most security information management (SIM) tools do a
good job of pooling data from network devices and improving the signal-to-noise
ratio of alerts and anomalies. Computer Associates is advancing this nascent
field by adding remediation capabilities to its new eTrust Security Command
Center.
eSCC is a server/database/agent solution that pulls logs
and alerts from devices such as routers, firewalls and IDSes--then normalizes,
correlates and reduces the data into more manageable intelligence. The
Web-based portal design shows security activity across a network, providing
alerts and anomaly data in easy-to-understand graphics and tables. All data
gathered by the collection engine can be drilled down for more information.
Here's where eSCC is different. Computer Associates built
its security information management system with remediation capabilities.
Built upon technology from its existing eTrust Audit and Unicenter products, eSCC gives
an enterprise a centralized management system for manually responding to
identified security incidents and potential vulnerabilities.
For instance, if eSCC sees anomalous traffic, it can send
instructions to the help desk to open a job ticket for repairing the
vulnerability or send an alert to an admin for immediate action.
eSCC comes with its own job ticketing system, based on
Unicenter, but also integrates with Remedy, and there are plans to integrate
with other systems--such as OpenView and Magic.
All communications between the Web portal, backend server
and the collection agents are encrypted with SSL, allowing admins to securely
monitor security activity and respond to incidents from any browser. The
system shows admins only the data sets they need to see, based on their roles.
Computer Associates says few of its early adopters are
using the automated features, mostly because of the fear that automated
responses will inadvertently break critical processes. Still, Computer
Associates sees automated response as the future of security, and this is a
good first step toward that goal.
--LAWRENCE M. WALSH

eTrust Security Command Center's Web-based console
gives admins the ability to view security activity in easy-to-understand
graphics, so they can see exactly what portions of a network are affected by
an incident.
