<![CDATA[[SecurityRatty] tag: sims]]> http://securityratty.com/tag/sims Tue, 11 Mar 2008 21:00:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Is IF-MAP the spark that will ignite theTCG/TNC and the security industry?]]> http://securityratty.com/article/9bb14b4ce6033e3aaabea0ddf8020db1 http://securityratty.com/article/9bb14b4ce6033e3aaabea0ddf8020db1 If_map The big news at Interop yesterday was the new IF-MAP specification and standard announced by the Trusted Computing Group/ TNC group. Some may call it TCG NAC 2.0 but it actually goes way beyond just NAC. IF-MAP represents a method that allows disparate security technologies to talk to each other and leverage the information gathered from multiple sources to make better and more secure decisions about network devices, users and traffic. It has huge implications for not only NAC, but IDS/IPS, vulnerability management, SIMs, etc. Also, it represents a real opportunity for the TCG/TNC to move out beyond the shadow of NAP and really become a dominant standard for the network and security industry to rally around.

The idea behind IF-MAP is that data is stored in a central container called a MAP or meta-data access point. This data can be called upon or supplemented with more data from a wide variety of sources. You can publish, search or subscribe to the data. The format is XML. The diagram (which you can click on for a bigger version) on the left shows a sample multi-vendor configuration, but the combinations are endless. To get a better flavor for what you can do you can click here to see a PDF presentation by the TCG of IF-MAP.

I had a chance to speak about IF-MAP with Steve Hanna and Mike Fratto. If it does indeed become widely adopted this can have a profound impact on our industry. Also, Steve and the TNC is very much looking to diversify and distribute the administration of the MAP among many vendors so that it does not become a single vendor steered standard. I applaud Steve and the rest of the group for working so hard on MAP. I challenge the rest of the industry to take a look at it and work towards adopting it. It truly can help be a win for all security vendors, but most of all a win for security administrators who would finally be able to use best-of-breed products from different vendors and have them talk to and work with each other.

]]> Wed, 30 Apr 2008 05:25:12 +0000 if-map if-map specification map if-map represents represents security industry industry data meta-data access Is IF-MAP the spark that will ignite theTCG/TNC and the security industry? <![CDATA[Links for 2008-03-11 [del.icio.us]]]> http://securityratty.com/article/cdcba6c8662cb7e405cb7df9772262b9 http://securityratty.com/article/cdcba6c8662cb7e405cb7df9772262b9
  • ROSI: Security Returns? | BlogInfoSec.com
  • Devil's Advocate Security - About Logging TLR
  • Challenges behind operational integration of security and network management
    To integrate a SIMs into a useful tool that both SOC and NOC team members can utilize, the process of successfully "filtering" alerts takes utmost priority.
    • ]]>     Tue, 11 Mar 2008 21:00:00 +0000 security returns security operational integration noc team network management devil challenges process sims Links for 2008-03-11 [del.icio.us]