Security is Down-to-Earth Business at RSA

• By John K. Waters
• February 14, 2006

In my dual preview of this week's RSA Security show down in San Jose and the Open Source Business Conference up in San Francisco, I suggested that the RSA event would be the more abstract of the two, while the OSBC would be more concrete. You know, encryption theories versus the balance sheet.

Well, I stand corrected, as it happens, by Gene Schultz and Avi Rembaum, the CTO and director of strategic marketing, respectively, of High Tower Software.

''Security is never going to be a profit center,'' Rembaum told me, ''but the business function of information management—and by extension, security—is now taking precedence over the technology function.''

Has the IT/business alignment wave really begun to wash over the rarified world of information security? I have to admit, most of the keynotes at this show have sounded a veritable clarion call for down-on-the-ground practical solutions for protecting our data.

''[Enterprises] are definitely starting to look at security as part of the overall business picture,'' Rembaum says. ''Which is good news and bad news: If you're in the security group, you'd better be prepared to justify your expenditures and be able to explain in bottom-line terms how they're going to save the company money.''

Based in Aliso Viejo, California, High Tower makes and sells security event management (SEM) appliances. The company recently upgraded its High Tower Event Manager 3210 , which Frost and Sullivan gave their ''Best Bang for the Buck'' award last year.

SEM tools aggregate and correlate volumes of intrusion detection and other data about the security condition of systems and networks. These tools have a correlation capability, usually based on logic conditions that are based on the occurrence of multiple, related events that show whether attacks have occurred. These ''rules'' vary considerably in complexity, from elementary-level rules that correlate multiple observations of a single event to ''metarules'' based on logic in which a series of events that represent attacks are specified.

Among the key improvements in the 3210 are MetaRules developed by Schultz and his team.

Dr. Schultz is High Tower's Gandalf the Grey. Before joining the company, he served as Principal Engineer at Lawrence Berkeley National Laboratory. He founded the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC), and he co-founded FIRST, the Forum of Incident Response and Security Teams. ''What we're seeing happening now is that the security guys, who have been saying to the C-level execs for years that they need to be thought of as strategic, are getting a place at the table,'' Schultz added.

Hey, I can’t be right all the time.

###