
Tuesday, July 05, 2005

Spotting outliers is elementary

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
07/05/05
Today's focus: Spotting outliers is elementary


By M. E. Kabay

Recently, I wrote about monitoring outliers as an essential task
in system and network management. Dan Spalding, of security
compliance management company Elemental Security, sent me a
thoughtful response illustrating how his company's products
support outlier detection. With his permission, here is an
edited version of his note.
* * *

Elemental's product continuously monitors enterprises'
ever-changing networks and provides a unified view of compliance
with established policies. It's an agent/server system that
collects detailed network usage data for all machines on the
network. It reports on traffic volumes for ports, protocols and
specified destinations (IP or URL) and readily exposes usage
anomalies in terms of network activity for a host or group of
hosts.

In addition to network traffic, we can also monitor the hardware
and software inventory on a host. Outliers here would be
detected as unapproved applications or hardware devices.

Elemental also gathers information on CPU, RAM and disk space,
which can highlight heavily utilized systems. Some of these may
be reaching the limits of their resources through normal use,
but some may be used in unauthorized or unplanned ways.

Another anomaly detection we do is tracking client/server
relationships. Whether these are infrastructure services or
application services, Elemental exposes changes in the number of
servers or agents that are part of these communities. System
managers can investigate surprises.

We also monitor trust relationships. If a machine unexpectedly
becomes a highly trusted host, then either there is a usage
anomaly or perhaps a potentially serious misconfiguration error.
In either case we expose something that would not otherwise be
readily visible.

Another kind of outlier is the rogue host: a new machine linked
to the network without documentation or authorization. Using the
power of our dynamic grouping technology, we can expose hosts
that are unknown and potentially rogue.

We agree that outlier analysis is an important issue in the
industry; based on comments from customers and analysts, the
problem is challenging to address. As you can see, being able to
report on many kinds of outliers on networks in near real-time
and in a unified manner is an important differentiator for
Elemental.
_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail at
<mailto:mkabay@norwich.edu> and through his Web site at
<http://www2.norwich.edu/mkabay/index.htm>.

Copyright Network World, Inc., 2005
