Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


EMC Focuses enVision

Overhauls its SIM/SEM solution in an attempt to tap into enterprises' compliance requirements

EMC has stepped up its efforts around security event management (SEM), attempting to pull security data from a slew of different hardware and software offerings. (See RSA, EMC Integrate.)

The market for security event management (SEM), or security information manamagement (SIM), as it is also known, is growing, thanks to the recent explosion in compliance regulations, both in the U.S. and overseas. (See Vendors Strike SIM Note and Germany Goes Data Crazy.)

Sarbanes Oxley and the Health Insurance Portability and Accountability Act (HIPAA) were just the first in a series of regulations forcing CIOs to come to grips with a bewildering array of audit logs and security reports. (See Users Splash Cash on SOX, Research Finds HIPAA Ineffective, In Other Words, Lying, EU Compliance Looms for Stateside IT, and Top Tips for Compliance .)

In an attempt to tap into this trend, EMC has overhauled its enVision product, which became part of the vendor's RSA division after the storage giant bought Network Intelligence last year. (See EMC Pockets Network Intelligence, EMC Acquires RSA, and EnVision Proven Functional.)

In a nutshell, enVision consists of monitoring software running on a Windows server, which trawls through logs and reports sent from different parts of the data center.

Pulling log data from switches, routers, firewalls, and databases may seem a fairly mundane activity, but it's also a critical one, according to EMC. "What you're dealing with is hundreds of thousands of events per second," says John Worrall, vice president of information and event management in EMC's RSA division. "It's important to be able to sift through them very quickly and identify which ones relate to a problem that you have to deal with now."

Yesterday the vendor took the wraps off enVision version 3.5, which extends support for both EMC storage devices and hardware from third-party vendors. EMC has also enhanced the solution with features such as Triage, which allows users to quickly draw data from reports as they come in, and the creation of watchlists to check for specific security threats, such as denial-of-service (DOS) attacks.

At least one early adopter tells Byte and Switch that enVision has made his life much easier. "There's about 250 devices that we monitor -- it would be real tough to monitor them individually," says Chris Norris, senior IT security engineer at the American Modern Insurance Group (AMIG) in Cincinnati.

The exec explains that prior to deploying enVision, his firm was drowning in a sea of logs and reports. "The biggest benefit is the ability to deal with data that was previously impossible to deal with," he says, explaining that AMIG's firewalls alone generate between 500 and 700 events or reports per second. "That deluge of data was previously very difficult to manage and now it's not."

Despite these benefits, Norris admits that there are some areas where he would like to see enVision improved. "There is always expanding the list of supported devices. I would like to see more support for different anti-virus packages," from established vendors such as Symantec, McAfee, and Trend Micro, he says. (See Symantec Signals More M&A, McAfee Launches Appliances, and Trend Micro Serves up Protection.)

Last year, a report from Dark Reading revealed that almost a third of firms have already deployed some sort of security management product, although it warned that vendors have been slow developing links to other management systems. (See Enterprises Adopt SIM Tools.)

EMC is not the only vendor playing in this space, facing stiff competition from IBM with its Tivoli Security Compliance offering, as well as netForensics' nFX security platform, which is resold by HP. (See netForensics Manages Security Info and netForensics, HP Partner.)

Other vendors in this corner of the market include ArcSight, which recently announced a partnership with Oracle, and Cisco. (See Oracle Gains Partners and Execs Concerned About Data Loss.)

EMC's Worrall was unable to cite a standard list price for enVision when Byte and Switch contacted him, explaining that this depends very much on the application and the number of devices supported. "At the smaller end there are customers spending $30,000, [and at the high end] there are customers spending millions," he says.

— James Rogers, Senior Editor Byte and Switch

  • ArcSight Inc.
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • EMC Corp. (NYSE: EMC)
  • Hewlett-Packard Co. (NYSE: HPQ)
  • IBM Corp. (NYSE: IBM)
  • McAfee Inc. (NYSE: MFE)
  • netForensics Inc.
  • Network Intelligence Corp.
  • Oracle Corp. (Nasdaq: ORCL)
  • RSA Security Inc. (Nasdaq: EMC)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/17/2020
    APT Groups Set Sights on Linux Targets: Inside the Trend
    Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-09-18
    Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
    PUBLISHED: 2020-09-18
    Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
    PUBLISHED: 2020-09-18
    UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
    PUBLISHED: 2020-09-18
    UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
    PUBLISHED: 2020-09-18
    ** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."