RealTime IT News

Locking Down the Enterprise at RSA

Those who want to know what the security industry is doing are paying close attention to the U.S. RSA Conference, this week in San Francisco. If the new products on display are any indication, the theme of this year's conference is enterprise data security, focusing on data loss prevention (DLP) and compliance with industry and government standards.

RSA set the theme last week with its first announcement related to the show, the release of version 7.0 of its DLP suite.

There's a clear need for improvements on the desktop, where Microsoft said last week that victims continue to fall succumb to a whole category of exploits that are avoidable, and also on the business side, where Verizon Business reported serious security lapses at many enterprises.

Numerous companies are announcing new products on the first day of the show, and offerings from CA fit the theme, with the release of an Enterprise Log Manager (ELM), and Role and Compliance Manager (R&CM) and a DLP solution.

As the security landscape changes, CA is adjusting, it said. "Over the past year, we've gone through our portfolio and conducted an analysis of our offerings and of where we think the market is going," said Lina Liberti, vice president of security product marketing for CA.

The result: several acquisitions in the past six months. Although the ELM product was built in-house, the R&CM product builds on CA's Eurekify acquisition, and the DLP product builds on CA's Orchestria acquisition, so while CA is willing and able to develop new product lines of its own, it is also able to acquire and integrate them.

With so many products targeting the same areas, Liberti said that CA's holistic view of security makes it stand out. "We don't just lock down the servers and say, 'That's compliance,' or just protect the data," she said. "We take it up to the next level to prove compliance. For example, if you need to show that you're PCI-compliant, we have a report that shows you don't have orphan accounts that exceed 90 days."

While industry regulations are specific, some government regulations are more vague. "Sarbanes-Oxley (SOX) is not as clearly defined," Liberti said. "But we put the workflow in place to allow you to certify documents and to show that certification has occurred. We are improving, automating, and documenting the process."

The challenge, Liberti said, is to help companies minimize risk without sacrificing productivity. To prove its value, the software is designed to automate important tasks. In the case of R&CM, it tracks who has access to what. DLP ties back into the identity management features of R&CM, relating the use of data to the people who are using it. Finally, the ELM product automates log management and provides over 200 reports designed to help enterprises meet government and industry standards.

Put it all together, and there are real benefits, Liberti said. "In our keynote at RSA on Tuesday, Dave Hanson, corporate senior vice president and general manager of CA's security business unit, will explain how the combination of DLP, identity management, and key management demonstrate the value of our holistic approach to security. One plus one gives you ten."

ELM is priced per log-sourcing device, starting at $120; R&CM is priced per user starting at $0.70 for external users and $12 per internal user, and DLP is priced based on the number of users in the enterprise, starting at $100,000.

Page 2: Point prevention and the cloud