Computer Associates Africa has introduced the latest version of its eTrust Security Command Centre offering, r8 - a solution that manages and responds to security events across the enterprise, which in turn reduces business risk, increases security visibility and awareness, and assists with regulatory compliance.
Key new features include out-of-the-box correlation tools, Web-based update services, advanced incident management functions and customisable "workspaces" designed for specific tasks such as comparing an organisation's security posture and vulnerabilities against the standards set by the SANS Institute.
Advanced bi-directional integration with network and systems management solutions such as Computer Associates' Unicenter NSM also enables IT security teams to leverage data from those solutions to even more effectively detect and respond to a full range of threats.
eTrust Security Command Centre monitors and manages all aspects of enterprise security, from threat discovery through resolution, in real-time. It provides a centralised command-and-control centre that presents security data in an intuitive graphical interface that enables IT security teams to quickly identify and respond to events and vulnerabilities based on their urgency and potential business impact.
Comments Karel Rode (CISSP), security sales executive at Computer Associates Africa: "In the event of a security breach, the investigation team looks at the system events and logs of the affected systems; however, often these logs aren't archived properly. Moreover, these logs don't allow the team to continuously improve a company's security posture.
"eTrust Security Command Centre r8's Audit feature, for example, allows companies to collect events from a wide range of industry-standard operating systems, applications and appliances. And once data is reduced according to a policy, as defined on the SCC machine, data correlation can commence. Also, data sets from various systems can be compared again according to a central policy ensuring that areas of commonality for an attack threat can be found, with appropriate actions from the responsible team members."
Rules-based correlation
eTrust Security Command Centre r8 uses rules-based correlation to zero in on root-cause issues that underlie security events. Its out-of-the-box event correlation tools include:
* Rules library with more than 100 default policies for fast threat analysis;
* Automatic policy updates via the Web; and
* Rule templates and wizards that facilitate creation of customised rules.
Keeping up with CA's Enterprise Infrastructure Management strategy, eTrust Security Command Centre enables IT organisations to manage security in a common manner with other infrastructure, application and data management processes, such as those running under CA's Unicenter Network and Systems Management (Unicenter NSM).
This integrated approach reduces technology ownership costs and enables security policies to be extended across functional areas - for example, in using data about network traffic anomalies to better identify the nature of a security event.
Additionally, eTrust Security Command Centre r8 adds value by providing companies with updates of correlation rule templates, workspaces and agents via the Web. These updates are tested and validated to ensure their effectiveness.
eTrust Security Command Centre r8 also offers the following functionalities:
Advanced incident management functions
eTrust Security Command Centre provides IT security teams with advanced incident management functions, including:
* Incident grouping that allows multiple events to be processed based on common attributes - without modifying events in the event repository;
* Incident assignment and annotation for monitoring and enforcing timely and appropriate responses to events;
* Visualisation enhancements that facilitate the investigation and analysis of patterns and anomalies; and
* Integration with help-desk solutions, such as CA's Unicenter ServicePlus Service Desk, for seamless workflow resolution.
Task-specific workspaces
* SANS Top 20 Workspace correlates high-priority threats based on the SANS Institute's list of the Top 20 vulnerabilities; and
* Role-based workspaces that enable specific tasks such as virus control and DoS defence to be distributed to assigned team members.