Such is the case for NetIQ Corp., a San Jose, Calif.-based company that once focused on systems management. After merging with Mission Critical Software and WebTrends, though, it now finds itself with a stable of security products as well.

Only a few months removed from its WebTrends acquisition, NetIQ has announced the integration of the WebTrends Security Analyzer and Firewall Suite products with NetIQ's Security Manager. The company is positioning Security Manager as a central security console, capable of monitoring and correlating alerts from NetIQ security products as well as third-party security tools, says Mike Mychalczuk, product manager for security products.

Security Manager is essentially a high-volume log consolidation engine, capable of processing at least 60 events per second, Mychalczuk says. Events can include device log entries, flat text files, SNMP alerts and API-to-API calls. Users write rules that dictate what Security Manager looks for in the mass of log data and what actions it should take should a serious alert be found.

For example, Mychalczuk says one customer uses Security Manager to monitor firewall logs for evidence of port scans. When it detects one, the product finds the IP address that originated the scan and adds it to the list of IP addresses denied access to the company's Web servers.

NetIQ is not the first to pitch the idea of a central security console, as competitors such as E-Security, Inc. have been at it for more than a year now. But the integration of Security Manager with Firewall Suite and Security Analyzer puts some teeth into the idea.

Firewall Suite supports more than 30 firewall products, itself analyzing log files and reporting critical events as well as potential vulnerabilities. Security Analyzer is a vulnerability scanning and assessment engine that works in both host and network modes. It supports more than 2,300 vulnerability tests for Windows 9x, NT and 2000, Solaris, Red Hat Linux and various applications. Both products will now feed data into the console, enabling them to be centrally monitored and managed.

Combining the products also provides for a degree of automation in security management. For example, if the Security Analyzer detects that a server is vulnerable to a known exploit, Security Manager could shut down the server until a patch is applied, or take some other user-defined action.

Security Manager also correlates data coming from different devices. If an intrusion detection system and an anti-virus product both detect a Trojan horse attack, for instance, that might be assigned a higher level of severity than if only one of the systems caught it. Correlation can also be used to identify potential problem areas, such as a network segment where PCs do not receive regular anti-virus updates.

Other products in the NetIQ stable include the Directory and Resource Administrator, originally from Mission Critical Software, which provides for policy-based management of the data in Windows NT and 2000 directories. It allows for distributed administration of user access rights and ensures that data conforms to consistent formats, preventing the "content pollution" that Mychalczuk says can lead to security vulnerabilities.

Another product, File and Storage Administrator, tracks file system permissions and usage across hundreds of servers, enabling administrators to track who has access to what files. It also provides for delegation of security permission administration.

Security Manager costs $900 per Windows NT or 2000 server, $1,500 for Advanced Server and $35 per Windows NT or 2000 workstation. Console software costs $2,500 for the Microsoft Management Console version and $2,500 for a Web version good for five clients. Security Analyzer pricing starts at $1,200 for 20 nodes, with additional nodes ranging from $30 to $60 each, depending on quantity. Firewall Suite costs $2,998 per firewall including a one-year maintenance contract.

All the products are available now, including the Security Manager integration components.

www.netiq.com