Symantec Refreshes Enterprise Security Products
- By Stephen Swoyer
- November 15, 2001
Symantec Corp. on Thursday updated its Enterprise Security Manager (ESM) and Intruder Alert (ITA) security assessment tools. Symantec acquired both products when it purchased Axent Technologies Inc. in July 2000.
According to Symantec group product manager Ronald van Geijn, ESM 5.5 and ITA 3.6 represent the first major post-acquisition releases of either product.
“These are the first major releases now that we’re part of Symantec, so we really concentrated on delivering upgrade value along with integration with other Symantec products,” he explains.
ESM is a vulnerability assessment tool that an IT organization can use to scan an environment against a pre-defined security policy for potential problems or loopholes. Symantec’s van Geijn says that ESM ships with canned security policy settings, but stresses that IT organizations can define their own security policies and test systems across their environments for compliance.
Van Geijn describes ESM 5.5 as a “forced-compliance” checking tool, which, he says, means that “you build a security policy and you actually go out and make sure it’s applied on all of your systems.”
What kinds of vulnerabilities does ESM look for? “It allows you to ... check on an ad hoc basis for vulnerabilities, like GETADMIN, Code Red, Nimda and others,” van Geijn confirms, adding that Symantec updates ESM’s vulnerability signatures as new bugs are discovered. “We came out with an update for Code Red as early as June 20th.”
ESM 5.5 now supports relational data repositories, which means that ESM “Managers,” centralized servers that collect information from distributed ESM “agents,” can export data to Oracle, SQL Server and Access databases. “[C]ustomers, and the largest is 360,000, can pull info ... to a secure database where they can do analysis of the data,” van Geijn confirms. “We have a reporting tool for small- and medium-business customers that do not have the security expertise necessary to write those tools.”
Where ESM focuses on identifying and assessing existing vulnerabilities, ITA, an intrusion detection tool, attempts to intercept attacks as they occur or to identify them in the aftermath of a breach. ITA 3.6 monitors the “gotchas” of any Windows NT 4.0 or Windows 2000 environment (the system event log and start-up system files) and also safeguards the Windows registry.
“You can actually keep track of registry keys. Even if a user turns on a modem or activates a piece of software, ITA can raise an alert or shut the system down,” van Geijn remarks. “Then there’s a whole bunch of new features that can monitor event files, and certain event wrappers that wrap around event services.”
Van Geijn stresses that both ESM and ITA offer extensive cross-platform support (in addition to Windows NT 4.0 and Windows 2000, Solaris, HP-UX, AIX and Red Hat Linux are supported; NetWare 6 support is forthcoming) and boast integration with technologies such as Live Update, an auto-update facility that Symantec has implemented across its product line.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.