InformationWeek.com

Welcome Guest. | Log In| Register | Membership Benefits

July 27, 1998

Security At The Center

IT security is being integrated into enterprise management, offering single-console control

By Beth Davis

ecurity is going the way of software distribution, help desks, and other IT support functions: It's getting integrated into enterprise-management platforms. The benefits, vendors and customers say, are simplified administration, centralized control, and tighter integration with business processes and other applications.

The big management software vendors are vying for position. Tivoli Systems said last week it will integrate IBM's single-sign-on software with the Tivoli TME 10 platform, letting customers centrally manage user passwords. Hewlett-Packard last week unveiled an access-control system and intrusion-detection tool that's built into HP OpenView. Platinum Technology plans to integrate single-sign-on and user-administration software into its ProVision suite. As part of its Unicenter platform, Computer Associates is developing an intelligent security system based on neural network technology. And Bull HN Information Systems will integrate electronic-commerce security into its management platform.

IT managers say integrating security into enterprise systems eliminates the need to manage various security devices from multiple consoles: one for the firewall, another for user access, another to guard against security break-ins, and yet another to manage enterprise functions not related to security.

"It becomes very difficult to train administrators on all the different products," says Kevin Hamilton, CIO of Media News Technology, the IT arm of Media News Group, a Denver newspaper publisher. "You have to have a totally different mentality when you go from product to product. The more an administrator has to learn, the more likely something is going to fall through the cracks, which defeats the purpose of the security product in the first place."

Media News uses Unicenter and CA's single-sign-on software to consolidate user passwords and logons. Ultimately, Unicenter will help the company secure and manage a WAN that connects its 135 newspapers and 11,000 systems nationwide.

Integrated security tools let users take advantage of a management platform's administrative capabilities, such as deploying software and inventorying assets more efficiently.

Integrated security also lets administrators coordinate security events with system and application events. For example, security can be set to block access to a system while a job scheduler runs backups or large batch jobs. Or administrators can make connections between network events and possible security breaches. A surge in IP traffic might indicate a hacker breaking in or some other problem in the infrastructure. Either way, integrated security could help seal vulnerable spots in the enterprise.

"You need to look at the weakest points more closely because that's where hackers will try first," says Tony Fontaine, VP of applied technology at Bally Gaming Inc., a slot machine and gaming systems manufacturer in Las Vegas. "The more you can correlate events, the better it is."

Keeping Customers Happy
Moves by management software vendors to add security to their platforms is a reaction to customers unhappy with piecemeal products, which require them to manage firewalls, intrusion-detection devices, antivirus software, and other security tools from a variety of vendors. "Having it all in one place lets the CIO reach out and touch the network and see all that is going on," says Larry Dietz, a security analyst with Current Analysis. "They can watch the uptime and efficiency of the network as well as the security."

Centralized security management and a common user interface were key to Bally's decision to go with HP's OpenView platform. The gaming company will launch a system in October that will let 75,000 Nevada customers place bets on sports events over a private extranet.

Initially, Bally's Fontaine thought he would go with standalone security products. But after looking at enterprise-management systems, he chose OpenView in part because of its security capabilities--particularly the intrusion-detection software from Cisco Systems Inc. Bally just finished implementing OpenView Network Node Manager 6.0 on Windows NT. The company plans to expand its online betting system into horse racing and offer it in as many as 35 states. When that happens, Bally will migrate to Unix, Fontaine says.

Bally is testing HP's new security products: OpenView Access Manager and OpenView Node Sentry. Access Manager lets administrators define employee access rights to operating systems, Oracle data- bases, and enterprise applications such as SAP R/3. Node Sentry is software based on Cisco's intrusion-detection tool that watches for unauthor- ized activity in firewalls.

Florida Power & Light Co. just finished migrating from a point product that managed access rights for its 150 Unix servers to an integrated Tivoli tool. Next year, the utility will add the ability to control mainframe access from TME 10.

Integrating security capabilities into TME 10 "makes everything more consistent," says Nancy Mulshine, manager of Florida Power & Light's operations. Administrators don't need to be versed in both Unix and NT, she says. "The framework handles the differences," Mulshine says. "It masks the complexities."

While most agree that centralized security management is the way to go, some warn that integrating security into enterprise-management platforms might be overkill. "It's kind of like going after a fly with a blunderbuss," says Carl Howe, an analyst with Forrester Research Inc. "It works, but it isn't the best tool for the job." These systems are great for companies that have already invested in an enterprise-management system, Howe says, but for others there are less expensive approaches.

Other Options
Axent, Check Point Software, Security Dynamics, and Network Associates are among the vendors of conventional security products that are developing integrated systems. Network Associates, in particular, has pursued an aggressive acquisition strategy that chairman Bill Larson says will let the company go head-to-head with the likes of CA.

Network Associates will offer products integrated into an enterprise system that includes network-management and help-desk capabilities. Later this quarter, Network Associates will launch Active Firewall, which will combine intrusion-detection, antivirus, and encryption capabilities. Next year, the company will roll out a next-generation console, called NetTools 3GC, that will proactively respond to network and security problems. Network Associates' security-management system could run as much as $500,000 or more depending on the number of users. That's still less than the multimillion-dollar price tags of enterprise-management systems.

Still, the enterprise-management vendors will be tough competition. Tivoli already offers security tools such as user administration and antivirus software in TME 10. The new Global Sign On module for TME 10 is the first integration between the Tivoli platform and an enterprise security product from parent IBM--but it won't be the last. IBM developers are building a module to tie IBM's firewall into TME; in September, Tivoli will release a feature that will let users leverage directories based on the Lightweight Directory Access Protocol.

CA offers single-sign-on, antivirus, and encryption software that can be distributed and managed from Unicenter. It also offers network security software that can act as a firewall on both Unix and NT. But that's only the beginning, says Yogesh Gupta, CA's senior VP of product strategy. By next year, the software maker plans to tie neural network technology with antivirus and intrusion-detection capabilities into an intelligent system that can identify an attack or virus even if the system hasn't seen it before.

Security On The Fly
Most vendors in the security market are developing this so-called adaptive security, which can detect and handle an attack on the fly. HP OpenView's new intrusion-detection product can catch unauthorized activity, notify the network security personnel, and block the unauthorized activity.

Platinum Technology is boosting its security efforts with a resource-management tool that has a workflow component to let business managers set policies that determine which IT resources employees can access. The tool will be a key piece of the vendor's ProVision platform within two years, says Robert Peterson, VP and general manager at Platinum's security unit.

Bull has integrated single-sign-on and intrusion-detection capabilities into its ISM OpenMaster platform. The platform can also manage popular firewalls as well as some virtual private network tools, says Gerry Crow, director of marketing for OpenMaster. By year's end, Bull plans to release SecureWare, a product that will work with OpenMaster to secure E-commerce transactions.

Bull and other platform vendors have their work cut out for them: Integrating security into management platforms is a complex, evolutionary process. Conventional security vendors aren't going to relinquish this area to the enterprise vendors without a fight. For customers, the competition can only lead to more products that proactively manage and secure the systems, networks, and applications on which their business processes run.

--with additional reporting by Caryn Gillooly