event management

IBM and Cisco get cozier in telecom, large enterprise space

Sun, 17 Jun 2007 20:01:38 -0400

Building on a strategic alliance first announced in 1999, IBM and Cisco Systems plan to release a jointly developed offering called the Cisco Assurance Management Solution, which integrates Cisco's Active Network Abstraction (ANA) device management and mediation technology with IBM's Tivoli Netcool/OMNIbus and Netcool/Precision management software, Alan Ganek, chief technology officer at IBM Tivoli Software told CIO magazine. The companies expect the product to gain traction among telecom carriers and large enterprises looking for a better way to manage heterogeneous networks. "IBM's overall partnership with Cisco has largely been around the services area," Ganek said. "This new one really gets into our development teams in the software world." The first version of Cisco Assurance Management Solution will features network fault monitoring, trouble isolation and real-time service-level event management.

For the full story:
- see CIO for this article

Policy: The first step toward risk management

Thu, 10 May 2007 20:01:39 -0400

When it comes to dealing with risk management issues, think policy first and technology second. Build a defensible case. Once you have a policy in place, technology--in the areas of Identity and Access Management (IAM), Security Information and Event Management (SEIM), configuration auditing, content monitoring, database activity monitoring and IT governance risk/compliance--can help. If you implement only one technology, it should be IAM, with SIEM running a close second. But they are no substitute for solid policy. Configuration management systems can help find faulty business practices, but it's policy that makes users understand what's acceptable usage and what isn't. Configuration auditing technology pinpoints unauthorized changes in the network, but you still need well-defined configuration policies and change management processes. Database activity monitoring technologies are a good idea, but it's not enough; systems must be re-engineered for encryption. IT governance and policy management technology can help businesses strengthen external audit posture and can reduce the cost of control measurement and compliance reporting, but it shouldn't be considered a substitute for policy development work.

Learn more about the importance of policy in risk management:
- read the article at SearchCIO

ALSO: read this on the intersection of risk and compliance

False positives: the scourge of network security

Sun, 11 Mar 2007 20:01:38 -0400

It's hard enough to keep your company's networks secure without the possibility of false positive security alerts from security systems such as IPS, IDS, firewalls and antivirus systems. A high percentage of false positives means critical data can be misinterpreted, leading the team to look for malicious activity that doesn't exist. That, in turn, can leave them too busy to focus on real threats. What's more, false positives take too much time to sort through. The biggest cause of false positives is when security systems can't understand the business importance and vulnerabilities of all systems within the organization. To fight false positives, maintain up-to-date system and network configurations so that sensors property reflect the network's structure, behavior and preferences; train security personnel for first-pass analysis and escalation; track the ratio of false positives; regularly review sensor performance; correlate security events from different systems to highlight unusual events; focus on deviations from acceptable use policies; educate your users on security policies and acceptable network use; and consider a Security Information Event Management (SIEM) solution.

For more about reducing false positives:
- read the article at IT-Observer

Merging physical security and IT security

Tue, 06 Feb 2007 19:01:38 -0500

The convergence between physical security and IT security, which began in earnest last year, is crucial to enabling organizations to fully protect their data and networks during security attacks. On the physical security front, important technologies include video surveillance, IP video technologies and alarm technologies, all of which can communicate in real time to provide up-to-the-minute information. The challenge is in managing, correlating and analyzing all of this physical security in an IT framework, in order to drive correct decisions. This can be a complex process often requiring outside assistance, but new technology, such as Security Event Management (SEM) and Security Incident Management (SIM) can help.

Learn more about what it takes to merge IT and physical security:
- read the article at TechNewsWorld