Making IT comprehensible to the board

Could BI tools work for network security?

Could techniques like those developed for business intelligence (BI) applications, analysing huge quantities of commercial data to uncover hidden trends and relationships, also be applied to security and systems management data flows?

Certainly, says Ulrich Weigel, the director of security products at NetIQ, now part of the Attachmate empire but still developing software to help people manage their IT systems.


The problem, he argues, is that most of the time plenty of data is available, but it sits in different systems, so it falls to fallible and overworked humans to pull it together and spot the relationships.

The answer, he says, is to converge your security and systems management. "For example, the Sasser virus pushed up CPU usage, it took networks down, it was a problem for VoIP and so on," he adds. "Correlating all that information would have shown what was going on."

Part of that is security event (or information) management. SEM (or SIM, depending on who you talk to) is designed to pull together the data coming from an organisation's security devices - firewalls, IDS, IPS, VPNs and so on - and convert it all into a common format for analysis and reporting.

Security is just a start, though, Weigel says: "We try to take all of an enterprise's systems, put them together and report on that, so that includes change and configuration management and SEM.

"The key factor is building the intelligence to filter it all. For example, if you want to detect a hacker copying data, it is very difficult with an IDS or IPS. The only route is to correlate the server log files across systems and look for anomalies."

The filtering and analysis is where those techniques developed on the business side come in, he adds.
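
The normalise-then-correlate idea described above, as an added illustration that is not from the article or from NetIQ: two constructed logs in different native formats are converted to one event shape, and only a host that is anomalous in both sources in the same hour is reported. The log formats, field names, addresses and the factor-of-five threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample data: per-host file reads and outbound bytes within one hour.
READS = {5: 2, 6: 3, 7: 40, 8: 2, 9: 35}
BYTES = {5: 1000, 6: 2000, 7: 5_000_000, 8: 4_000_000, 9: 1500}
FILESERVER_LOG = [f"2024-01-01T02:{i:02d}:00 client=10.0.0.{h} op=READ path=/share/doc{i}"
                  for h, n in READS.items() for i in range(n)]
FIREWALL_LOG = [f"01/01/2024-02:30:00 ALLOW src=10.0.0.{h} dst=203.0.113.9 bytes={n}"
                for h, n in BYTES.items()]

# Hypothetical native formats; each device has its own layout and timestamp style.
FS_RE = re.compile(r"^(\S+) client=(\S+) op=READ ")
FW_RE = re.compile(r"^(\S+) ALLOW src=(\S+) dst=\S+ bytes=(\d+)$")

def normalize(fileserver_lines, firewall_lines):
    """Convert both native formats into (hour, host, metric, amount) events."""
    events = []
    for line in fileserver_lines:
        m = FS_RE.match(line)
        if m:  # unparseable lines are skipped rather than guessed at
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            events.append((ts.replace(minute=0, second=0), m.group(2), "reads", 1))
    for line in firewall_lines:
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%m/%Y-%H:%M:%S")
            events.append((ts.replace(minute=0, second=0), m.group(2),
                           "bytes_out", int(m.group(3))))
    return events

def anomalous(events, metric, factor=5):
    """(hour, host) keys whose total for one metric exceeds factor x the median."""
    totals = defaultdict(int)
    for hour, host, name, amount in events:
        if name == metric:
            totals[(hour, host)] += amount
    baseline = median(totals.values())
    return {key for key, total in totals.items() if total > factor * baseline}

def correlate(events):
    """Keys that are anomalous in both sources during the same hour."""
    return anomalous(events, "reads") & anomalous(events, "bytes_out")

if __name__ == "__main__":
    for hour, host in sorted(correlate(normalize(FILESERVER_LOG, FIREWALL_LOG))):
        print(hour.isoformat(), host, "bulk reads and bulk outbound transfer")
```

In the sample, 10.0.0.9 reads heavily but sends nothing out and 10.0.0.8 sends a lot without reading; each looks odd in one log only, and neither is reported.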
