Army depot rolls up security reports
ETrust audit tool fields a system of virtual agents
- By William Jackson
- Jul 09, 2004
Like many systems administrators, Sue Jeffcoat felt overwhelmed by data from network security logs at the Letterkenny Army Depot near Chambersburg, Pa.
'It took way too many man-hours to look at each log separately,' Jeffcoat said.
So, about a year ago the depot began using eTrust Audit from Computer Associates International Inc. to correlate all security data. It gave Jeffcoat a single point for keeping an eye on the network.
'I think it was a surprise to our users,' she said. 'They are shocked that we find things out so quickly.'
One of the most common help-desk calls is to reset passwords for users who get locked out. The eTrust tool has relieved that problem.
'We were seeing that they were having problems before they called the help desk,' she said. 'We could call them and say, 'I see you're locked out.' '
Letterkenny, a tactical-missile repair site spread over 17,500 acres, repairs and maintains Patriot missiles and their ground support and radar equipment. The depot's LAN, running Cisco Systems Inc. equipment, serves about 2,000 users.
Because Jeffcoat's primary responsibility is network security, she wanted more meaningful results from the data accumulating in logs of various systems and security tools.
ETrust Audit, part of CA's suite of security products, places software agents on firewalls, intrusion detection systems and antivirus products. The agents feed data to the eTrust Security Command Center for a unified view. The audit tool also gathers and translates log data from servers running Unix, Microsoft Windows, Linux and IBM OS/390.
A report tool creates standard or custom reports for the command center.
'ETrust Audit is a repository from which you can extract some data,' CA chief security strategist Ron Moritz said. 'The real knowledge is in the command center.'
Putting the product to work at Letterkenny was simple. 'It was an easy, straightforward implementation,' Jeffcoat said. 'We are a Windows NT environment. I just turned on what I wanted from the NT template.'
The tool can be customized with user-specific policies and can drill down into specific devices to look for problems, or the source of problems.
'We have written a few policies on our own,' Jeffcoat said, 'but most of it is right out of the box.'
As the name implies, the audit tool also can verify that security policies are enforced and can supply forensic data about a security breach.
'Accountability is emerging as a big strategy for organizations,' Moritz said.
But Jeffcoat has not yet had to use the tool to investigate a security incident.
'That hasn't happened since we've had it,' she said. 'We have good users at Letterkenny.'
William Jackson is freelance writer and the author of the CyberEye blog.