Symantec expands on Security Management Vision

MarketWatch: Infrastructure, May 28, 2003

Symantec Corp has released two key components of its Security Management System (SSMS) offering, the suite of software driving the company's ambition to be a comprehensive solesource for corporate security products.

Incident Manager, the big-ticket security event correlation system, is hitting version 2.0, six months after its initial launch. Symantec executives told ComputerWire that it will allow buyers to manage a wider range of security products from one console.

"It's time for security to move out of its adolescent phase, when it's all about tools and utilities, and into the enterprise level, when its all about a higher level of integration," group product manager John Heath said.

Heath said that support for products from three additional vendors--Trend Micro Inc, Check Point Software Technologies Ltd and Cisco Systems Inc--has been added, in the form of Event Collectors, agents that draw log information from third-party products.

Key among the upgrades in 2.0 is the level of automation added to the real-time correlation of events, which previously required some manual intervention. It is believed the CyberWolf software Symantec acquired last year is to thank for this.

Incident Manager is designed to take the pain out of poring over security event logs, by aggregating and correlating log entries into "incidents". It may, for example, present a high-level view of a virus attack, rather than enumerating each individual infection.

Heath said that Incident Manager can be extended when used with Vulnerability Assessment (VA), the second product to be released today. VA is a first release, which checks hosts for software version, patch installations and a list of known vulnerabilities.

VA is a cheap and cheerful alternative to Enterprise Security Manager, which, we are told, is to be renamed Policy Manager at some point. The system does not require the user to write any kind of rule or policy, said senior director of product management Craig Rode.

Both products are part of SSMS, which uses Symantec's Enterprise Security Architecture (SESA), comprising a common user interface and data repository, which will ultimately cross all of the company's SSMS applications.

Last month, Symantec CEO John Thompson said that Symantec's strategy is one of providing a range of security products within a unified management system, because customers are "sick of this notion of point-product best-of-breed crap".

Incident Manager has a typical price point of $75,000 to $100,000, based on the number of protected systems. VA is priced on the number of agents deployed, each of which costs between $75 and $100.