Content

NetIQ Security Manager

This product is aimed at managing security across a multi-vendor environment of disparate security solutions, enabling a choice of best of breed for each requirement. It also includes a host-based IDS application which detects unauthorized services and rogue processes. Automatic actions include raising alarms and ending unauthorized services. It alerts when membership of the administrators' user group changes, should a hacker try to elevate his privileges. System files are monitored for replacement by Trojan horses.

Windows NT/2000/XP and Solaris 8/9 OSs are supported. Central deployment of the agent can be achieved. As a management platform it can correlate events in real time from third-party security products, including anti-virus, firewalls and IDS. Automating responses to events, its extensive knowledge base offers advice on specific attacks.

McAfee, Norton, and Trend Micro provide anti-virus support, while firewalls include Check Point Firewall-1 and Cisco PIX. Besides managing firewalls, it also detects configuration errors. As well as its own host-based IDS, it can integrate the management and reporting of ISS's RealSecure IDS. Both host and network-based RealSecure sensors are supported, as is RealSecure's Workgroup Manager. Security Manager provides a well documented authoring guide for those wishing to build their own solutions on top of Security Manager. It can automate event suppression, consolidating multiple alerts in a single alert, including a counter indicating the number of attacks. It can run a command or script automatically and correlate multiple failed logon attempts, enabling you to take action by disabling the logon ID.

The Security Manager database requires a Windows 2000 Server, while the user interface can be based on Microsoft Management Console (MMC) or accessed via any web browser. Reporting is performed using Microsoft Access but reports can be saved in HTML. Reports can be scheduled so that they are automatically 'published' as HTML files or printed out. The log management capability helps meet audit and legal requirements with real-time security log consolidation, analysis and reporting.

Product title
NetIQ Security Manager
Product info
Name: NetIQ Security Manager (IDS group test) Description: Price: $900 (server); from $150 (sensor)
Strength
Intuitive user interface that is easy to use and very flexible.
Weakness
Although including a host-based IDS, this product is aimed more at managing an environment of multi-vendor security systems.
Verdict
This is a comprehensive reporting and management system that consolidates input from its own host-based IDS with third-party IDS, anti-virus and firewall products.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.