CA: Security monitoring swamps data centers

CA: Security monitoring swamps data centers

Firewalls, filters and intrusion detection systems have proliferated to the point that data center managers are being inundated by terabytes of uncorrelated security reports, Computer Associates International Inc.'s Ron Moritz said in an interview today.

Events have forced network managers to buy into the concept of multiple lines of defense, said Moritz, CA's senior vice president for security, a certified information systems security professional and a founding member of the IT Information Sharing and Analysis Center formed by presidential order in 2000.

But those same network managers are installing so many sensors to record every network event that they 'reach the point of diminishing returns,' he said. 'There's no way yet to process the signals from the noise. It's not in the market today.'

To correlate reports in real time, dump the false positives and skim off only what's relevant, the industry needs to normalize its reporting formats and help managers visualize the results. CA, Symantec Corp., Internet Security Systems Inc. of Atlanta and a few others are working on 'pathways to each other's proprietary solutions,' Moritz said, but so far they are 'stuck at how to extract and normalize the data.'

He said the vendor-driven Oasis nonprofit international consortium might come up with answers first, using Extensible Markup Language. 'It's a deep data mining problem,' he said. The ultimate answer could be 'an immune system concept' for defense in depth.

To make systems sustainable, Moritz said, the industry needs better-educated software engineers; systems to manage access, identity and threats; plus help desk services for security managers. 'It's a very different kind of business intelligence problem,' he said.

CA's eTrust Security Command Center software for access management is in beta release now, Moritz said.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group