SECURITY RISK MANAGEMENT
Computer and network security has been viewed as an engineering problem,
and companies have tried to solve it through the application of technologies.
The real problem is not one of technology, but of process. Network security
is no different from real-world security. The correct paradigm is "risk
management".
A typical
description of the security threats are : Website defacements, corruption
and loss of data due to network penetrations, denial-of-service
attacks, viruses and Trojans. The traditional paradigm of computer security
is to avoid the threats but unfortunately this is only part of the process.
Security is a people problem, not a technology problem. Prevention systems
are never perfect. No bank ever says: “Our safe is so good, we don’t
need an alarm system”. Businesses manage all sorts of risks; network security
is just another one. Real-world security includes prevention, detection,
and response. A preventive countermeasure provides two things:
- Barrier to overcome
- Time to overcome the
barrier
On the Internet, this
translates to monitoring. IT monitoring implies a series of sensors in
and around the network. Every firewall produces a
continuous stream of audit messages. So does every router and server. Intrusion
Detection Systems (IDS) send messages when they notice
something. Realtime detection can catch attackers, regardless of the vulnerability
and rapid response can repel attackers, before they do lasting damage.
To discover and react to attacks
within the IT infrastructure a Security management and monitoring system
must be implemented.
The following 2 possibilities exist:
Seminar invitation
on this subject
SECURITY INFORMATION
MANAGEMENT (SIM) SYSTEM
Corporations
have invested heavily in building their enterprise security infrastructures
with point products such as IDS, firewalls, etc. Unfortunately, many of
them lie dormant or are ignored because they generate realms of security
information that require laborious analysis. The effect of this “Log Data
Overload” is that finding a true attack in a timely manner is as difficult
as finding a needle in a haystack.
Security teams need
an enterprise-level security solution that enables more efficient, more
effective threat management. A solution that:
- Enables centralized
attack monitoring and incident response
- Minimizes log data
overload to uncover true attacks quickly
- Views threat holistically
using correlated attack and vulnerability data
- Maximizes limited
security budgets
neuSECURE is a security
event management software solution designed to provide a comprehensive,
coherent view of enterprise security.
It correlates event data files from disparate machines such as firewalls,
intrusion detection systems, computer systems and routers and
automatically analyzes this data to uncover legitimate threats to the enterprise.
neuSECURE allows security analysts to prioritize their
investigations and focus on the mission-critical task of responding to
threats as they are occurring, rather than after the damage is done.
And with neuSECURE a security team can manage security threats from early
detection to final resolution without ever leaving the intuitive,
web-based console.
Business Benefits:
- Reduce the Cost of
Security Operations
- Generate Value from
Current Security Investments
- Reduce Business Risk
by Responding in Real-time
- Comply with Government
Regulations and Customer/Partner Agreements
CONTACT
FORM
MANAGED SECURITY MONITORING (MSM) SERVICE
GENESIS COMMUNICATION
together with Counterpane Internet Security, Inc. has brought this thinking
to computer networks by offering the Managed Security Monitoring (MSM)
Service for real-time detection and response using advanced correlation
technology and expert human security analysts.
Instead of major investments in software,hardware and services, the company
pays an annual user fee for a predefined
“Managed Service”. Thus the customer does not have to tie up any additional
staff resources, but can immediately
obtain the services offered, and benefit from established know-how.
READ
MORE ABOUT
CONTACT
FORM
