It's useless trying to manage a battle when immersed in the fray. So generals have traditionally operated from a hilltop where they have an overview of the conflict below. Effective information security management requires that same type of visibility.
Lee Kadel, information security analyst at Wheaton Franciscan Services (WFS), oversees security at the nonprofit's data centre as well as connections to its 17 hospitals and more than 70 clinics. He was running nearly 100 security devices, including firewalls, intrusion-protection systems (IPS), virtual private network (VPN) concentrators and authentication servers, but had no way to gain overall insight into the security status of the network.
"We had to manually review the firewalls, manually review the VPN logs and monitor the security logs on the authentication servers," Kadel says. "There were some devices we couldn't manage easily because the volume of event log data was just too great."
Like many other security managers, Kadel found that by installing a security information management console, he was able to cut down the monitoring workload and isolate threats earlier, as well as reduce downtime by discovering configuration errors.
To bring security and reporting up to the level required for compliance with the health regulations, Kadel installed netForensics' nFX Open Security Platform on five servers in an isolated storage-area network environment. nFX agents receive or collect the data from WFS's security devices. The data is translated into a common database format for storage, analysis and reporting.
"I have a dedicated monitor on my desk, so I can see the state of our network security at any given point in time," Kadel says. "It has given us greater visibility and better reaction time."
Some software vendors sell products called dashboards that are in fact just central management consoles for particular security products. But that doesn't mean that such products aren't helpful.
For example, New York Community Bank uses CA's Integrated Threat Management (ITM) R8. ITM unifies CA's PestPatrol Anti-Spyware Corporate Edition and its antivirus software into a single console. The bank uses ITM to centrally manage 3500 desktops at 170 branches in the greater New York area, as well as its servers. With ITM, helpdesk staffers can remotely scan the workstations rather than having to travel to a site and do it manually.