With 68 firewalls and seven gigs a day of security reports to wade
through, the senior network administrator of a $1.8 billion holding
company was in over his head when it came to knowing what was happening
on his network.
His firewall logs alone were stacked so deep that it easily took him
eight hours to consolidate the information he needed after a single
security incident.
“I’d have to dig through old logs and write my own queries and then
examine the results,” says Timothy Guy, senior network administrator for
the Midwest-based enterprise, which owns multiple manufacturing
companies (and declined to be named in this story). “It was extremely
time-consuming. To look at one cross-section of 20 minutes of log files
would take six hours to get a forensics statement. It’s too late by then.
You’re always playing catch-up. What’s happened in the next hours has
already taken place so you’re telling your bosses what happened and not
what’s happening. It’s embarrassing.”
To better analyze the reams of information coming at him and to help stop
network intrusions, Guy implemented security event management software
from eIQnetworks, Inc., an Acton, Mass.-based security company.
Enterprise Security Analyzer V2.1 scans the information coming in from
Guy’s firewalls and intrusion detection systems, looking for unusual
patterns that might indicate a malware or hacker attack, or even a
corporate user who is breaking the rules from the inside.
“If you don’t know what’s happening across your gateways, it’s very
dangerous,” said Guy in an interview with Datamation.
“People can be coming in and doing things and you don’t even know it. A
firewall or intrusion detection device is only useful if you can get the
information to a central location.
“You have technology that defends against attacks but unless you have
the knowledge of when it’s occurring, what’s occurring and where it’s
coming from, it doesn’t do you any good,” he adds. “We went from taking
six hours to look for a security event down to under a couple minutes. It
means we’re able to be aware of what’s happening. If you don’t have the
information, you can’t do anything.”
And this major holding company isn’t the only one turning to event
management software.
Nick Selby, an enterprise security analyst with The 451 Group, Inc., an
industry research firm based in New York City, says the market is
‘exploding’. And he only sees it continuing to grow.
“There are a lot of products on the network gathering information and
you need something to shove all of that information into a box so you can
look at it meaningfully,” says Selby, adding that eIQnetworks’ solution
is getting quite a bit of attention for being far cheaper than many of
its competitors. “Without a product like this, it’s impossible if you’re
looking at a mid-size and up company… This specific technology is
critical now.”
But consolidating an unwieldy amount of information isn’t the only
benefit — not in a time of increased regulation.
“With regulations like Sarbanes-Oxley and HIPAA in place, there’s the
idea that you’re going to have to show that you have technical
controls,” Selby notes. “You can’t just be in compliance. You’ve got to
be able to prove it. But above that, it would be nice to actually be
secure and not just compliant.”
And that combination of compliance needs and information consolidation
has pushed 30 percent to 35 percent of large companies to buy into event
management software, according to Jon Oltsik, a senior analyst with
Enterprise Strategy Group, an analyst firm based in Milford, Mass.
“This is a relatively new technology space and people tend to deal with
security in a tactical fashion,” says Oltsik. “People are transitioning
to take a bigger look at security. There’s pretty convincing evidence
that shows that a tactical approach to security doesn’t work. There are
more threats. There are more attack vectors. The attacks are getting
nastier.”
Both Oltsik and Selby note that eIQnetworks has a lot of competition in the event management space. ArcSight, Inc. based in Cupertino, Calif., is considered to be the market leader, according to Selby. And netForensics, Inc., based in Edison, N.J., along with NetIQ Corp. in San Jose, Calif., also are big players in this area.
Selby says what has been setting eIQnetworks apart is its competitive pricing model. And that’s very attractive for mid-size to large companies trying to get a handle on a flood of security information, while also trying to get that overall view of what is trying to poke holes in their network protections.
A Forensic Tool
Part of that bigger picture view at the holding company was being able to
see what was happening on the inside of the perimeter.
Guy says he needed the ability to quickly find out what happened in a
certain part of the network between 10 a.m. and 10:15 a.m. But getting at
that information — without a pitchfork and a lot of time on his hands —
was never easy.
“When Enterprise Security Analyzer came out with their forensic tool, it
allowed us to go back and ask a very specific question,” says Guy, who
adds that they do a forensic search once or twice a week. “You would not
believe what some of our users pull… We catch them going to Websites
that have not yet been blocked by the filters. We usually catch them
going to porn sites.
“By the nature of the source address, you can see what sites they went
to, what time and how long they were on it. From there, we turn it over
to human resources because we have that forensic report [to back us
up],” he adds. “The person who finds that stuff had better be able to
defend it in court.”
And while a majority of the attacks come from the inside, Guy says the
event management tool also helps him spot malware attacks — even before
the anti-virus vendors send out new signatures.
“eIQnetworks doesn’t save us from worm attacks but it does allow us to
see where the attacks are coming from,” he says, noting that the
Enterprise Security Analyzer helped him stop a worm attack in its tracks
this past fall. “We were able to see that we had an increased amount of
traffic on a certain port. We adjusted our intrusion detection system to
pick up the signature and then based on the reports, we were able to shut
the port down [in time]. Having that information allowed us to make a
great decision hours ahead of everyone else.”
If the worm had gotten through and infected Guy’s global system, he might
have been looking at sending out IT workers to clean up the company’s
5,800 computers scattered around the world. “There’s no way to put a
dollar amount on it,” he says.
Staying Compliant and Proving It
Another type of protection is historical protection, according to the
Enterprise Strategy Group’s Oltsik.
By automating firewall and IDS logs, it’s easier to stay compliant with
new stringent regulations, like Sarbanes-Oxley. “Automating it is more
efficient,” he adds. “You also have to store that data for long periods
of time in case you need it.”
And Guy says they definitely need the report data that the Enterprise
Security Analyzer supplies every week.
“If you say that you log a firewall and all the activity on it, the next
question out of the auditor’s mouth is ‘Can you produce reports and can
you produce stats on when you check the logs?’,” Guy points out. “Every
Sunday, it sends out a Sarbanes-Oxley report to key managers informing
them who the largest abusers of the internal network are — the biggest
Web surfer, who’s getting denied going to Websites they shouldn’t be
visiting. With 68 firewalls, the report runs from 6 in the morning until
about 6 or 7 at night. Two- or three-page reports go to each manager and
there’s their Sarbanes-Oxley report.
“It keeps us out of legal trouble because every week I can inform the
managers about what’s happening.”
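The three things Guy describes getting out of consolidated firewall logs are all small queries over the same parsed data: the forensic question ("what did this part of the network do between 10:00 and 10:15, and which sites, when, for how long"), the spike in traffic on one port that tipped him off to the worm, and the Sunday report naming the heaviest Web surfers and the sources most often denied. The following is an added illustration written for this page, not code from the article, from eIQnetworks or from the Enterprise Security Analyzer product. It assumes a constructed key=value firewall log format (timestamp, firewall name, action, source, destination, port, connection duration, site), constructed internal addresses and host names, five-minute buckets and the threshold choices in the function defaults; none of those come from the article.

```python
# Added example (not the article's or eIQnetworks' code): the three log
# queries described above, run over a constructed key=value firewall log.
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample: one line per connection; 'site=-' marks non-web traffic.
SAMPLE_LOG = """\
2005-10-03T09:47:10 fw=fw-chi-01 action=allow src=10.20.1.15 dst=203.0.113.9 dport=80 dur=120 site=example.com
2005-10-03T09:52:31 fw=fw-chi-01 action=allow src=10.20.1.22 dst=198.51.100.7 dport=443 dur=30 site=news.example
2005-10-03T09:55:05 fw=fw-chi-02 action=allow src=10.20.1.15 dst=10.20.9.3 dport=445 dur=2 site=-
2005-10-03T10:01:12 fw=fw-chi-01 action=allow src=10.20.1.15 dst=203.0.113.45 dport=80 dur=600 site=video.example
2005-10-03T10:03:40 fw=fw-chi-01 action=deny src=10.20.1.22 dst=203.0.113.77 dport=80 dur=0 site=blocked.example
2005-10-03T10:07:09 fw=fw-chi-02 action=allow src=10.20.2.8 dst=198.51.100.7 dport=443 dur=45 site=news.example
2005-10-03T10:12:55 fw=fw-chi-01 action=deny src=10.20.1.22 dst=203.0.113.78 dport=80 dur=0 site=blocked.example
2005-10-03T10:31:02 fw=fw-chi-02 action=allow src=10.20.1.40 dst=10.20.9.11 dport=445 dur=1 site=-
2005-10-03T10:31:05 fw=fw-chi-02 action=allow src=10.20.1.40 dst=10.20.9.12 dport=445 dur=1 site=-
2005-10-03T10:31:09 fw=fw-chi-02 action=allow src=10.20.1.40 dst=10.20.9.13 dport=445 dur=1 site=-
2005-10-03T10:31:14 fw=fw-chi-02 action=allow src=10.20.1.40 dst=10.20.9.14 dport=445 dur=1 site=-
2005-10-03T10:31:20 fw=fw-chi-02 action=allow src=10.20.1.40 dst=10.20.9.15 dport=445 dur=1 site=-
2005-10-03T10:41:00 fw=fw-chi-01 action=allow src=10.20.1.22 dst=203.0.113.9 dport=80 dur=90 site=example.com
2005-10-03T10:44:30 fw=fw-chi-01 action=deny src=10.20.1.15 dst=203.0.113.99 dport=80 dur=0 site=games.example
"""
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>.*)$")

def parse_log(text):
    """Consolidate raw lines into typed records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        f = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
        try:
            records.append({"ts": datetime.fromisoformat(m.group("ts")),
                            "fw": f["fw"], "action": f["action"],
                            "src": ipaddress.ip_address(f["src"]),
                            "dst": ipaddress.ip_address(f["dst"]),
                            "dport": int(f["dport"]), "dur": int(f["dur"]),
                            "site": f.get("site", "-")})
        except (KeyError, ValueError):
            continue  # incomplete or badly typed record
    return records

def forensic_query(records, subnet, start, end):
    """Who in `subnet` went where between ISO timestamps `start` and `end`?"""
    net = ipaddress.ip_network(subnet)
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    hits = sorted((r for r in records if r["src"] in net and lo <= r["ts"] < hi),
                  key=lambda r: r["ts"])
    return [(r["ts"].isoformat(), str(r["src"]), r["action"], r["site"], r["dur"]) for r in hits]

def port_spikes(records, bucket=timedelta(minutes=5), factor=3.0, min_count=5):
    """Flag {port: [bucket starts]} where connections dwarf that port's average
    over every other bucket in the log's time span."""
    if not records:
        return {}
    def floor_ts(ts):  # align to a bucket boundary measured from midnight
        day = ts.replace(hour=0, minute=0, second=0, microsecond=0)
        return day + ((ts - day) // bucket) * bucket
    first = floor_ts(min(r["ts"] for r in records))
    n_buckets = (floor_ts(max(r["ts"] for r in records)) - first) // bucket + 1
    counts = defaultdict(lambda: [0] * n_buckets)
    for r in records:
        counts[r["dport"]][(floor_ts(r["ts"]) - first) // bucket] += 1
    spikes = {}
    for port, series in counts.items():
        for idx, count in enumerate(series):
            baseline = (sum(series) - count) / (n_buckets - 1) if n_buckets > 1 else 0.0
            if count >= min_count and count > factor * baseline:
                spikes.setdefault(port, []).append(first + idx * bucket)
    return spikes

def weekly_report(records, top_n=3):
    """Heaviest web users by allowed time online, plus the most-denied sources
    and the sites they were denied: the manager-facing summary described above."""
    surf_time, denied, denied_sites = Counter(), Counter(), defaultdict(set)
    for r in records:
        if r["site"] == "-":
            continue
        src = str(r["src"])
        if r["action"] == "allow":
            surf_time[src] += r["dur"]
        elif r["action"] == "deny":
            denied[src] += 1
            denied_sites[src].add(r["site"])
    return {"top_surfers": surf_time.most_common(top_n),
            "most_denied": [(s, n, sorted(denied_sites[s])) for s, n in denied.most_common(top_n)]}

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(forensic_query(recs, "10.20.1.0/24", "2005-10-03T10:00:00", "2005-10-03T10:15:00"))
    print({p: [t.isoformat() for t in ts] for p, ts in port_spikes(recs).items()})
    print(weekly_report(recs))
```

Run as a script, it prints the 10:00 to 10:15 activity for the 10.20.1.0/24 subnet, the single five-minute bucket in which port 445 traffic jumped well above that port's history, and the surfer/denied summary. Two design points matter for the kind of use the article describes: the forensic output carries timestamp, source, action, site and duration in time order, which is the shape of evidence an HR hand-off needs, and the spike detector compares each port against its own history across the whole span with a `min_count` floor, so a port that goes from zero to two connections is not reported while a burst that really stands out is.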