Security is Down-to-Earth Business at RSA
By John K. Waters
In my dual preview of this week's RSA Security show down in San
Jose and the Open Source Business
Conference up in San Francisco, I suggested that the RSA event would be
the more abstract of the two, while the OSBC would be more concrete. You know,
encryption theories versus the balance sheet.
Well, I stand corrected, as it happens, by Gene Schultz and Avi Rembaum, the
CTO and director of strategic marketing, respectively, of High Tower Software.
"Security is never going to be a profit center," Rembaum told me, "but the
business function of information management—and by extension, security—is now
taking precedence over the technology function."
Has the IT/business alignment wave really begun to wash over the rarified
world of information security? I have to admit, most of the keynotes at this
show have sounded a veritable clarion call for down-on-the-ground practical
solutions for protecting our data.
"[Enterprises] are definitely starting to look at security as part of the
overall business picture," Rembaum says. "Which is good news and bad news: If
you're in the security group, you'd better be prepared to justify your
expenditures and be able to explain in bottom-line terms how they're going to
save the company money."
Based in Aliso Viejo, California, High Tower makes and
sells security event management (SEM) appliances. The company recently upgraded
Tower Event Manager 3210, which Frost and Sullivan
gave their "Best Bang for the Buck" award last year.
SEM tools aggregate and correlate volumes of intrusion detection and other
data about the security condition of systems and networks. Their correlation
capability is usually built on logic conditions that test for the occurrence
of multiple, related events indicating that an attack has occurred.
These "rules" vary considerably in complexity, from elementary rules
that correlate multiple observations of a single event to "metarules" that
specify a series of events that together represent an attack.
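
A minimal sketch of the two rule types described above, added here as an illustration; it is not High Tower's MetaRules code. The event names, the tuple layout and the function names are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed, already-normalized events: (epoch seconds, source, event type).
EVENTS = [
    (100, "10.0.0.5", "port_scan"),
    (130, "10.0.0.5", "login_failed"),
    (135, "10.0.0.5", "login_failed"),
    (140, "10.0.0.5", "login_failed"),
    (150, "10.0.0.9", "login_failed"),
    (160, "10.0.0.5", "login_success"),
    (900, "10.0.0.9", "login_success"),
]

def threshold_rule(events, event_type, count, window):
    """Elementary rule: `count` observations of one event type from one
    source within `window` seconds. Returns the set of matching sources."""
    times, hits = defaultdict(list), set()
    for ts, src, etype in sorted(events):
        if etype != event_type:
            continue
        # Keep only observations still inside the sliding window.
        times[src] = [t for t in times[src] if ts - t <= window] + [ts]
        if len(times[src]) >= count:
            hits.add(src)
    return hits

def sequence_rule(events, steps, window):
    """Metarule: the event types in `steps` occur in order from one source,
    all within `window` seconds of the first step. Returns matching sources."""
    partial, hits = defaultdict(list), set()  # src -> [(start_ts, steps matched)]
    for ts, src, etype in sorted(events):
        advanced = []
        # Existing partial chains plus a fresh candidate starting at this event.
        for start, idx in partial[src] + [(ts, 0)]:
            if ts - start > window:
                continue                      # chain expired, drop it
            if etype == steps[idx]:
                idx += 1
            if idx == len(steps):
                hits.add(src)                 # full sequence observed
            elif idx > 0:
                advanced.append((start, idx))
        partial[src] = advanced
    return hits

if __name__ == "__main__":
    print(threshold_rule(EVENTS, "login_failed", 3, 60))
    print(sequence_rule(EVENTS, ["port_scan", "login_failed", "login_success"], 300))
```

The threshold rule fires on repeated failures alone, while the sequence rule fires only when the scan, the failures and the eventual success line up for the same source inside the window.
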
Among the key improvements in the 3210 are MetaRules developed by Schultz and
Dr. Schultz is High Tower's Gandalf the Grey. Before joining the company, he
served as Principal Engineer at Lawrence Berkeley National Laboratory. He
founded the U.S. Department of Energy's Computer Incident Advisory Capability
(CIAC), and he co-founded FIRST, the Forum of Incident Response and Security
Teams. "What we're seeing happening now is that the security guys, who have
been saying to the C-level execs for years that they need to be thought of as
strategic, are getting a place at the table," Schultz added.
Hey, I can’t be right all the time.
John K. Waters is a freelance writer based in Silicon Valley. He can be reached