DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY
Breaking News -
Security:
High Tower Announces Appliance For Real-Time Protection
High Tower Software Inc., a provider of Security Event Management (SEM)
solutions, introduced its TowerView product into the SEM market at the CSI
show. TowerView collects data and events from any network security device,
then highly sophisticated rules correlate the data and display the results --
all in real time.
The original TowerView Security software product, announced in April, also
included correlation and presentation functionality. Additionally, the new
TowerView 1000 and 2000 products contain a robust set of over 50 pre-packaged
rules, and many new agents. Now ported to Windows, it has been integrated into
a rack-mount appliance that is easy to deploy and maintain. The architecture
was designed for real-time performance; the database is not inline (which
slows down analysis and limits scalability), but is available for forensics
and reporting.
Intelligent Correlation
TowerView collects event data in real time from security devices, including
vulnerability assessment data. TowerView employs a powerful, proven
rules-processing engine capable of performing advanced statistical and arithmetic
functions. Robust correlation rules are applied to event data streams to
identify anomalous activity, providing unprecedented insight to the security
analyst. Data is immediately correlated to detect and report multi-source,
multi-target threats and attacks. The benefits of intelligent correlation are
seen in three unique attributes:
- High Tower's granular approach to normalization tells a network security
analyst not only that a scan has been observed, for example, but whether it
was a malicious scan or a normal scan, so that more actionable information is
delivered to the analyst.
- TowerView's "rolling rules" monitor network security devices and can
trigger more complex network-oriented rules to fire. After the device-specific
correlation is done, TowerView takes the analysis to the next logical
step.
- Self-adjusting rules "learn" what traffic is "normal," generating far fewer
false positives and ensuring that meaningful data is highlighted. Without this
capability, the analyst would have to set static limits manually for thousands
of events on the network, defining for each, what is "normal" for 11 a.m., for
example, versus what is "normal" for 3 a.m.
Understandable Presentation Of Complex Data
The security event data is presented in TowerView's patented 3-D display, the
CyberGrid. Operators can customize the presentation of security events. The
CyberGrid provides a holistic view of the entire network and physical
infrastructure, giving administrators one-click access to detailed event
information, recommended resolution actions and external point solutions. Most
importantly, it highlights significant information to draw attention to the
most serious anomalies. The color and height of the displayed towers
communicate the extent to which data exceeds thresholds, so the severity of
the threat is quickly understood. In addition, the need to drill down into
cumbersome log files is eliminated -- an on-screen message explains the event
summary with just one click.
An Effective Solution For Network Security
Combining robust, real-time correlation and displaying the results of that
complex data analysis in an understandable presentation, TowerView provides
unparalleled insight into the status of your security measures. Security
operators can actually be alerted about network threats and vulnerabilities in
time to stop the damage because the analysis and alerting are done in real
time.
"TowerView's 'intelligent correlation' is right on track compared to first
generation correlation techniques, which were extremely limited in
comparison," stated Phebe Waterfield, a CISSP and security solutions analyst
with the Yankee Group. "Visualization of correlation results is of prime
importance, too, and this solution delivers both the macro view and the micro
view of your network security status at a glance. In addition, I believe that
packaging this robust solution in an appliance will ease both deployment and
maintenance."
"An ever-increasing number of security devices has not and will not solve the
fundamental challenge of protecting network-accessible assets," noted Dr.
Ursula Schwuttke, co-founder of High Tower Software. "The challenge is not
just to correlate security event information, but to also present it so it can
be acted on while it's still relevant. This challenge has not been met by
other vendors. It requires the patented approaches to both correlation and
presentation that we developed at NASA to handle the massive volumes of data from
deep space probes."
"The SEM market is already a crowded one, with everyone talking about
real-time correlation," said Gordon Smith, CEO of High Tower. "But when we
explain our intelligent correlation to customers and prospects, and show them
how we present alerts in our 3-D Grid, they are amazed to see how easily the
displayed data can be interpreted compared to other SEM vendors."