Envisioning an enterprise security architecture which allows customers to correlate threats and vulnerabilities with the best-suited response across desktops, servers, and networks, Internet Security Systems (ISS) on Thursday announced beefed-up versions of its RealSecure Site Protector and Fusion products wrapped around its new centrally managed Dynamic Threat Protection Platform.
ISS heavily promoted the influence of integration, consolidation, and security event management on its current and future product plans. At its headquarters on Thursday, the IDS (intrusion detection systems) vendor unveiled new technology partnerships with IBM iSeries-focused software security vendor PowerTech Group, as well as Crossbeam Systems and its high-performance XS40S multi-gigabit appliance.
Tom Noonan, president and CEO of Atlanta-based ISS, said that RealSecure Site Protector will be fully integrated and pool information with third-party solutions, including Check Point Software Technologies' Firewall-1 and Cisco Systems' PIX by Q2.
"Customers' biggest request is to make [security] effective," remarked Noonan. "People don't want to see [multiple security incidents and logs] anymore. They want to see a threat connected with a vulnerability they can act on."
Noonan admitted that the security industry and its disciples have become too "enamored" with IDS. In order to shift to an automated defensive scheme, he said that built-in security services, proactive security information management, and monitoring must be established closer to application security and away from the "fortress mentality" of the hardened network perimeter.
"This industry is changing because it has to change and we're trying to get security into all critical pieces of an environment," said Matthew Kovar, director of security solutions and services at Yankee Group. "[Customers are] trying to understand what applications are doing on a Web server or a desktop," he said.
Last October, Symantec shook up the security landscape by introducing its Security Event Management System, a set of management applications designed to closely knit disparate security product data together to enable proactive security response and detection. ISS' Dynamic Threat Platform promises to deliver many of the same benefits and processes of a unified and easy-to-manage security infrastructure.
RealSecure SiteProtector 2.0, earmarked by Noonan as the primary management cog behind ISS' Dynamic Threat Protection platform, features automated deployment of protection agents, policy administration, agent and asset grouping, and advanced incident analysis and reporting. The product joins a growing security trend of bringing together traditional standalone security solutions, such as vulnerability assessment, intrusion prevention, and firewall and blocking capabilities.
Meanwhile, RealSecure Fusion 2.0 can automatically identify hidden security threats and greatly reduce false positive alarms by utilizing embedded intelligence from X-Force, ISS' security response team. Fusion's correlation engine can discern properties of an attack or threat associated with vulnerabilities. For example, revealing data about a host or operating system-associated vulnerabilities.
RealSecure Site Protector 2.0 will be available this month. RealSecureFusion 2.0 should be ready by Q1 of 2003, Noonan said.