EContentmag.com Home
Search EContent:
25,000+ articles now available in ITI's new full-text digital archive: ITI-InfoCentral.com!
Visit ITI's Enterprise Search Center!
Newsletter
EContent Xtra
Research Centers
Content Commerce
Content Creation & Digital Publishing
Content Delivery
Content Distribution
Content Integration
Content Management
Content Security
Digital Asset Management
Fee-Based Information Services
Intranets and Portals
KM & Collaboration
Mobile & Wireless Content
News/Finance/Business
Online Community
Rich Media
Sci-Tech/Medical
Search Technology
Taxonomy
Web Services


Columns
After Thought
Agile Minds
Behind the Firewall
DisContent
Edit This
Eureka
Follow the Money
Guest Column
I Column Like I CM
Info Insider
Info Pro
Technology Watch

In Focus
EContent 100
EContent 100 Videos
Past Issues

Services
About EContent
Advertising
Subscribe to
EContent Magazine
EContent Xtra
Newsletters
RSS Feeds from EContentMag.comFeeds


Awards
2009 Apex
2008 ASBPE
2008 Tabbies
2008 Apex
2007 Tabbies
2007 Apex
2006 Tabbies
2006 Apex
2005 Tabbies
2005 Apex
2004 Tabbies
CERT and ArcSight Join Forces to Battle Cyberthreats
By Sandy Serva - October 2003 Issue, Posted Oct 06, 2003 Print Version   Page 1 of 1

In an era when cyberterrorism is more than just a nuisance, the need to provide effective means to thwart such attacks is critical for today's leading businesses and universities, as well as the general public. To help create technology for security information sharing and research, Carnegie Mellon University's CERT Coordination Center located at its Software Engineering Institute in Pittsburgh, PA, and enterprise security risk management software provider ArcSight, headquartered in Sunnyvale, CA, have launched the Cyber Security Information Sharing Project (CSISP). Along with three other universities yet to be named, the new group plans to conduct ongoing research to find solutions that will enable companies' to uncover and effectively fight off cyberattacks by using information gathered from throughout the security community. Each participating school will act as a data-collection end point and send attack information straight to the CERT Coordination Center (CERT/CC).

"We are pleased that ArcSight is offering its technology to help improve the state-of-art in event aggregation, security analysis, and incident management," says CERT director Rich Pethia. "The unique combination of private enterprise, public scholarship, and research embodied in CSISP is an innovative model that will contribute to the reduction in overall risk to the United States due to serious cyberthreats and attacks."

The CERT/CC was established in 1998 to provide technical advice and to coordinate responses to security risks. The organization identifies trends to intruder activity and works with other security experts such as AusCERT to develop solutions for security problems and then releases these strategies to the broad community. CERT also publishes technical documents and provides security-training courses.

If the project works, it could be used as a model for data-sharing initiatives for the government and private sectors. As cyberthreats continue to escalate, the initiative seeks to improve a current system that is slower in responding to requests for help. For instance, those businesses now reporting potential security threats to CERT must either call an 800 number or fill out a form on its Web site and then wait for answers.

The concept of developing a security information-sharing environment comes from the White House's Strategy to Secure Cyberspace, known as an Information Sharing and Analysis Center (ISAC). To help facilitate a real-world ISAC environment, ArcSight will install its security risk management software at CERT and the other universities. ArcSight's distributed security architecture will act as a local monitoring and aggregation point for relevant security data coming from devices like firewalls and intrusion detection systems.

The project will also allow for testing and enhancing emerging security data-sharing standards including the Intrusion Detection Message Exchange Format and the Intrusion Detection Message Exchange Format both of which have been submitted as standards to the Internet Engineering Task Force.

CERT will manage the CSISP program and ArcSight will work with the organization to refine the messaging mechanisms that are designed to support the ISAC function. A particular emphasis will be placed on addressing message content, confidentiality, and privacy. It is hoped that new discoveries and innovations will emerge and can then be made available to the general public in the form of conference presentations, published research, and general announcements.

"The United States needs powerful assets in the war against cyberterrorism," says ArcSight's Chairman and CEO Robert Shaw. "We are proud to be a catalyst with the CERT/CC in assembling a potent group of researchers and security practitioners to accelerate the development of the technologies required to implement Information Sharing and Analysis Centers."
(www.cert.org)
Print Version   Page 1 of 1
directory
»   Read the 15 minute guide to Enterprise Content Management
»   Read the 15-Minute Guide to Best Practices in Correspondence Management
»   ITIResearch.com - A collection of market research and reports for executive management and business & IT professionals
»   Publishers rely on Acquire Media's Syndication Suite to deliver content to target audiences with pinpoint accuracy.
»   Migrate Legacy Data – Register with Open Text for a FREE trial

All Content Copyright © 1998 - 2010, Online: a Division of Information Today Inc.
48 South Main St., Suite 3 · Newtown, CT 06470-2140
(203) 761-1466, (800) 248-8466 · Fax (203) 304-9300 · custserv@infotoday.com
PRIVACY POLICY