CA: Security monitoring swamps data centers

Firewalls, filters and intrusion detection systems have proliferated to the point that data center managers are being inundated by terabytes of uncorrelated security reports, Computer Associates International Inc.'s Ron Moritz said in an interview today.

Events have forced network managers to buy into the concept of multiple lines of defense, said Moritz, CA's senior vice president for security, a certified information systems security professional and a founding member of the IT Information Sharing and Analysis Center formed by presidential order in 2000.

But those same network managers are installing so many sensors to record every network event that they 'reach the point of diminishing returns,' he said. 'There's no way yet to process the signals from the noise. It's not in the market today.'

To correlate reports in real time, dump the false positives and skim off only what's relevant, the industry needs to normalize its reporting formats and help managers visualize the results. CA, Symantec Corp., Internet Security Systems Inc. of Atlanta and a few others are working on 'pathways to each other's proprietary solutions,' Moritz said, but so far they are 'stuck at how to extract and normalize the data.'

He said the vendor-driven Oasis nonprofit international consortium might come up with answers first, using Extensible Markup Language. 'It's a deep data mining problem,' he said. The ultimate answer could be 'an immune system concept' for defense in depth.

To make systems sustainable, Moritz said, the industry needs better-educated software engineers; systems to manage access, identity and threats; plus help desk services for security managers. 'It's a very different kind of business intelligence problem,' he said.

CA's eTrust Security Command Center software for access management is in beta release now, Moritz said.

