
EMC Focuses enVision

Overhauls its SIM/SEM solution in an attempt to tap into enterprises' compliance requirements

EMC has stepped up its efforts around security event management (SEM), attempting to pull security data from a slew of different hardware and software offerings. (See RSA, EMC Integrate.)

The market for security event management (SEM), or security information management (SIM), as it is also known, is growing, thanks to the recent explosion in compliance regulations, both in the U.S. and overseas. (See Vendors Strike SIM Note and Germany Goes Data Crazy.)

Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA) were just the first in a series of regulations forcing CIOs to come to grips with a bewildering array of audit logs and security reports. (See Users Splash Cash on SOX, Research Finds HIPAA Ineffective, In Other Words, Lying, EU Compliance Looms for Stateside IT, and Top Tips for Compliance.)

In an attempt to tap into this trend, EMC has overhauled its enVision product, which became part of the vendor's RSA division after the storage giant bought Network Intelligence last year. (See EMC Pockets Network Intelligence, EMC Acquires RSA, and EnVision Proven Functional.)

In a nutshell, enVision consists of monitoring software running on a Windows server, which trawls through logs and reports sent from different parts of the data center.

Pulling log data from switches, routers, firewalls, and databases may seem a fairly mundane activity, but it's also a critical one, according to EMC. "What you're dealing with is hundreds of thousands of events per second," says John Worrall, vice president of information and event management in EMC's RSA division. "It's important to be able to sift through them very quickly and identify which ones relate to a problem that you have to deal with now."

Yesterday the vendor took the wraps off enVision version 3.5, which extends support for both EMC storage devices and hardware from third-party vendors. EMC has also enhanced the solution with features such as Triage, which lets users quickly draw data from reports as they come in, and the creation of watchlists that check incoming events for specific security threats, such as denial-of-service (DoS) attacks.
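The watchlist idea above, as an added example that is not enVision's or EMC's code: a sliding-window rule run over constructed firewall log lines that flags a burst of denied connections from one source to one destination, the simplest shape of a DoS watchlist. The log format, field names, threshold, window and addresses are all assumptions made for the illustration.

```python
"""Added example of a SEM-style watchlist rule; not enVision code.
The syslog-like line format, thresholds and sample data are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format: "<ISO timestamp> FW action=<allow|deny> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(\S+) FW action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_event(line):
    """Return a dict for a well-formed line, None for anything the rule should skip."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, action, src, dst, dport = m.groups()
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": src, "dst": dst, "dport": int(dport)}


def dos_watchlist(lines, threshold=5, window=timedelta(seconds=1)):
    """Alert when one source has more than `threshold` denied connections to the
    same destination inside `window`; each burst yields a single alert."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["action"] != "deny":
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop timestamps that aged out
            q.popleft()
        if len(q) > threshold:
            alerts.append((ev["ts"].isoformat(), key, len(q)))
            q.clear()  # reset so a sustained flood does not alert on every packet
    return alerts


# Constructed sample: one flood of seven denies in 0.6 s, one benign source, one junk line.
SAMPLE_LOG = (
    ["2020-07-06T10:00:00 FW action=allow src=198.51.100.7 dst=192.0.2.10 dport=443"]
    + [f"2020-07-06T10:00:00.{ms:03d} FW action=deny src=203.0.113.5 dst=192.0.2.10 dport=80"
       for ms in range(0, 700, 100)]
    + ["2020-07-06T10:00:02 FW action=deny src=198.51.100.7 dst=192.0.2.10 dport=22",
       "2020-07-06T10:00:02.500 FW action=deny src=198.51.100.7 dst=192.0.2.10 dport=22",
       "not a firewall line; the parser must skip it"]
)

if __name__ == "__main__":
    for when, (src, dst), count in dos_watchlist(SAMPLE_LOG):
        print(f"{when}: {count} denies from {src} to {dst} within 1s")
```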

At least one early adopter tells Byte and Switch that enVision has made his life much easier. "There's about 250 devices that we monitor -- it would be real tough to monitor them individually," says Chris Norris, senior IT security engineer at the American Modern Insurance Group (AMIG) in Cincinnati.

The exec explains that prior to deploying enVision, his firm was drowning in a sea of logs and reports. "The biggest benefit is the ability to deal with data that was previously impossible to deal with," he says, explaining that AMIG's firewalls alone generate between 500 and 700 events or reports per second. "That deluge of data was previously very difficult to manage and now it's not."

Despite these benefits, Norris admits that there are some areas where he would like to see enVision improved. "There is always expanding the list of supported devices. I would like to see more support for different anti-virus packages," from established vendors such as Symantec, McAfee, and Trend Micro, he says. (See Symantec Signals More M&A, McAfee Launches Appliances, and Trend Micro Serves up Protection.)

Last year, a report from Dark Reading revealed that almost a third of firms have already deployed some sort of security management product, although it warned that vendors have been slow developing links to other management systems. (See Enterprises Adopt SIM Tools.)

EMC is not the only vendor playing in this space, facing stiff competition from IBM with its Tivoli Security Compliance offering, as well as netForensics' nFX security platform, which is resold by HP. (See netForensics Manages Security Info and netForensics, HP Partner.)

Other vendors in this corner of the market include ArcSight, which recently announced a partnership with Oracle, and Cisco. (See Oracle Gains Partners and Execs Concerned About Data Loss.)

EMC's Worrall was unable to cite a standard list price for enVision when Byte and Switch contacted him, explaining that this depends very much on the application and the number of devices supported. "At the smaller end there are customers spending $30,000, [and at the high end] there are customers spending millions," he says.

— James Rogers, Senior Editor, Byte and Switch

  • ArcSight Inc.
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • EMC Corp. (NYSE: EMC)
  • Hewlett-Packard Co. (NYSE: HPQ)
  • IBM Corp. (NYSE: IBM)
  • McAfee Inc. (NYSE: MFE)
  • netForensics Inc.
  • Network Intelligence Corp.
  • Oracle Corp. (Nasdaq: ORCL)
  • RSA Security Inc. (Nasdaq: EMC)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc.

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Ripple20 Threatens Increasingly Connected Medical Devices
    Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
    DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
    Dark Reading Staff 6/30/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15570
    PUBLISHED: 2020-07-06
    The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
    CVE-2020-15569
    PUBLISHED: 2020-07-06
    PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
    CVE-2020-7690
    PUBLISHED: 2020-07-06
    It's possible to inject JavaScript code via the html method.
    CVE-2020-7691
    PUBLISHED: 2020-07-06
    It's possible to use <<script>script> in order to go over the filtering regex.
    CVE-2020-15562
    PUBLISHED: 2020-07-06
    An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.