CA releases security command software beta

The beta version of a new security command center software that Computer Associates International Inc., Islandia, N.Y. released Dec. 9 will give integrators an early glimpse of how it can be used in the government market, said Ron Moritz, senior vice president of the company's eTrust security solutions. According to Moritz, the company sees an emerging market for providing software that can monitor information from a variety of security applications in the enterprise, such as firewalls and intrusion detection systems. "We see unified security management as growing market. It is a Holy Grail for enterprises," Moritz said.The proliferation of firewalls, filters and intrusion detection systems have left data center managers inundated by terabytes of uncorrelated security reports, he said.Using physical security as a metaphor, Moritz said that when a person breaks into a house, the offender might set off multiple alarms, such as a motion detector and one that detects windows being opened. In fact, the break-in is one event. Computer Associates' software will aggregate data from security systems to provide this same sort of unified security picture for the cyber-realm, Moritz said. Announced in September, the eTrust Security Command Center provides security administrators a portal to monitor threat management, identity management and access management software.The company plans a final release of the software sometime during the first quarter of 2003, Moritz said. However, integrators can try out and deploy the software to anticipate what service issues might arise from its use, as well as figure out what new capabilities the software can give customers. Agencies, for instance, may be more likely to establish a central security office to manage its networks, a task that may have proved too difficult in the past if the agency had offices spread across too many locations. "There would be just too much data sent back to the central facility to handle," Moritz said. Moritz is a founding member of the IT Information Sharing and Analysis Center formed by presidential order in 2000. A non-profit organization, IT-ISAC facilitates the exchange of security information among IT vendors.This beta release offers the access management functionality, whereas modules for identity and threat management will be released next year, Moritz said. Access management allows an organizations to set passwords for a wide range of applications on an organization's intranet, so an individual can use the same password to access his or her own computer as well as when he taps into password-protected email, travel expense, retirement benefits and health plan services.To create unified security management solutions, CA is working with Symantec Corp., Internet Security Systems Inc. of Atlanta and other security vendors to find "pathways to each other's proprietary solutions," Moritz said, but so far they are "stuck at how to extract and normalize the data." He said the vendor-driven Oasis nonprofit international consortium might come up with answers first, using Extensible Markup Language. Government Computer News Chief Technology Editor Susan Menke contributed to this report.