
Symantec releases Incident Manager 2.0.


Symantec Corp. (Nasdaq:SYMC) has announced the release of Symantec Incident Manager 2.0. Symantec Incident Manager uses automated correlation to identify and prioritize security issues and then coordinates resolution of those issues, allowing enterprises to proactively secure their network against known threats and respond to new attacks in real time.

"With today's organizations becoming more global, connected and dynamic in nature, the practice of security management has never been more complex," said Craig Rode, senior director, product management at Symantec. "Symantec Incident Manager helps companies take real steps to manage information security risks."

Enterprise security management can be complicated, often delivered through the combination of commercial products from different vendors that lack integration and interoperability. These products generate a tremendous amount of data--in some cases, millions of messages or "events" each month. Most events are the result of normal activity. However, messages reporting real malicious activity often get lost in all of the data.

It can be difficult to determine whether an individual event requires action. Single events don't have enough information, so grouping related events together into incidents helps administrators understand the nature and scope of an attack or unwanted activity. An incident is a set of events or conditions that requires a response and closure in order to restore an appropriate risk profile. The challenge is sorting through the millions of events to find incidents in time to take action.

Symantec Incident Manager correlates security events from disparate security products and across protection technologies, including antivirus, firewall and intrusion detection, to identify incidents in real time, and coordinates response actions throughout the entire incident lifecycle.

In addition to automatic, real-time correlation, Symantec Incident Manager also offers business impact analysis using a sophisticated risk analysis engine that determines the impact of each incident on a customer's business in terms of confidentiality, integrity and availability. Customers can tailor the system with specific risk profiles for each part of their business to ensure the business impact analysis is uniquely relevant to their individual needs. The risk analysis engine also determines which incidents are urgent and presents a prioritized, actionable list. Incident priority is determined and updated in real time to reflect the most current state of an incident, allowing staff to focus resources on resolving the most critical incidents first.

Symantec Incident Manager helps administrators understand important characteristics of each incident by displaying links between event signatures and safeguards. It also provides dynamic guidance, assessing the nature of each incident and providing specific instructions that guide the administrator through the resolution process. Guidance is based on the SANS incident handling best-practices framework.

Symantec Incident Manager includes expert security content, produced by Symantec Security Response, which provides correlation rules and conclusions, and action recommendations to guide staff as they identify and resolve incidents.

Finally, Symantec Incident Manager integrates with the new Symantec Vulnerability Assessment 1.0 to correlate attacks to vulnerabilities, reducing false positives since administrators can readily focus on the systems that are most vulnerable to each attack.

Symantec Incident Manager is a key component of the Symantec Security Management System, which is comprised of multiple components that can be purchased and deployed separately, but also integrate with one another to provide the right set of security management applications unique to individual business objectives. Other key components of the Symantec Security Management System are Symantec Event Managers and Symantec Enterprise Security Manager (ESM).

Symantec Event Managers provide enterprise customers with logging, alerting and reporting for a specific area of protection, such as antivirus, firewall and intrusion detection. Symantec Event Manager for Anti-Virus, Symantec Event Manager for Firewall and Symantec Event Manager for Intrusion Detection (IDS) consolidate data from Symantec's protection solutions to provide the customer with a complete view of virus, firewall and IDS events. Using Symantec Event Collectors, customers can also collect data from third-party vendor security products. The following Symantec Event Collectors are currently available: Symantec Event Collector for Network Associates ePO and VirusScan, Symantec Event Collector for Trend Micro Gateway and Groupware, Symantec Event Collector for Check Point VPN-1/Firewall-1, and Symantec Event Collector for ISS RealSecure.
COPYRIGHT 2003 Millin Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Publication:EDP Weekly's IT Monitor
Date:May 19, 2003