Description
Vulnerability Analysis. Internet-based attack tools are becoming increasingly sophisticated and increasingly easy to use. NIH's network could contain vulnerabilities that attackers can exploit to gain access, even when NIH has secured the network perimeter with firewalls and intrusion detection systems. In order to proactively find and plug such holes NIH will require the use of both vulnerability assessment products and vulnerability assessment services.
System Monitoring and Logging. Identifying and reacting to security incidents in real-time requires comprehensive system and network monitoring, Furthermore the ability to aggregate alarms and other information from disparate systems is necessary to correlate events and identify an incident.
Brick Information
Tactical
(0-2 years)
|
Strategic
(2-5 years)
|
|
|
Retirement
(To be eliminated)
|
Containment
(No new development)
|
|
|
Baseline
(Today)
|
Emerging
(To track)
|
- Event Monitoring
- Computer Associates TNG
- HP Openview
- HP ITO
- Fluke Optview
- Fluke Link Analyzer
- Fluke Network Inspector
- Quest Software Big Brother
- Open NMS
- NetIQ
- Ipswitch What’s Up Gold
- Deepmetrix ipMonitor
- Log Monitoring
- Microsoft Operations Manager
- Log Analysis
- Envision
- Central Syslog Facility
- Router/switch logging
- Remote syslog
- OS Logging
- Microsoft Operations Manager
|
|
Comments
Time Table
This architecture definition approved on:
July 28, 2003
The next review is scheduled in:
TBD