Products - The Normalizer

The Normalizer makes sense out of the widespread jumbled mess that is today's enterprise security information. Increasingly, security and application data is stored on the proliferating number of machines that create it. The Normalizer brings that data together, sorts through it, standardizes terminology, and creates signal out of noise.

Read about The Normalizer in the summary below, or download the white paper Normalizer Overview (PDF format) for more details.

Summary

Security information is typically difficult for an enterprise to understand, process and use because it comes from widely distributed and isolated sources that employ varied platforms, formats and jargons. The Normalizer application collects and processes the disparate security data to produce a single, standardized output. The Normalizer enables an enterprise to obtain a unified view of all its security information. The normalized output can then be subjected to specific and general queries in order to highlight important security events that otherwise might go unnoticed. The Normalizer solves the problem of scattered and uncoordinated security information getting "lost in the shuffle." Perfectway's products are designed so that the security information most important to a customer can be understood by both information technology professionals and less technically proficient managers and executives of the enterprise.

The Normalizer is particularly important to a financial institution. Federal regulations implemented pursuant to the Gramm-Leach-Bliley Act now require a financial institution to "coordinate all elements of its information security program." Dispersed and uncoordinated security information does not comply. The Normalizer enables a financial institution to comply with the new federal regulations while at the same time gaining a much clearer understanding of the state of its information technology security throughout the enterprise.

Perfectway places no software on the customer's servers or clients (e.g., individual workstations). Rather, the Normalizer process calls for the security data already being generated by the customer's network, in the form of logs collected throughout the enterprise, to be sent to a Normalizer server. The Normalizer server accepts this flow of security data from differing systems and in divergent formats. The Normalizer processes the data to produce a standardized output.

The customer has several options on where to send the normalized output. The customer can send the output to a database, which can then be queried to obtain answers to questions regarding the entire enterprise, as opposed to a single input source. The customer can direct the normalized output to its network management console. The customer can have the output sent to its IT security professionals by email. The customer can send normalized output to a file to be maintained for regulatory compliance purposes. Finally, the customer can do all of the above.

One of the advantages of the Normalizer is that it works with the customer's existing infrastructure. The Normalizer does not require the customer to replace any existing equipment or software - for either end of the process. The inputs come from the disparate sources where the customer already collects security data, in their existing disparate formats. The normalized output gets sent to where the customer chooses within the customer's existing infrastructure.

Another important advantage of the Normalizer is that it assists the customer in guarding against both internal and external security threats. IT security professionals are well aware of the fact that in many organizations, including financial institutions, the most serious threats come from inside the organization. Both inadvertent and intentional employee misuse of information technology can have devastating impacts on the organization. IT security professionals identify various internal threats as giving them the most concern. Yet, presently IT departments spend more money on tools that guard the perimeter of their networks than on any other need (2001 Information Security Industry Survey, October 2001).

The Normalizer provides a means for IT security professionals to work on defending against external and internal threats at the same time. Moreover, by integrating the external security data (such as the output from intrusion detection devices) with the internal security data (such as file server logs), the Normalizer provides a means of determining whether there is any relationship between the data generated from external sources and the data generated from internal sources.

The Normalizer is proven technology that has been developed and improved over a number of years. Perfectway sold version 1.0 of the Normalizer in 1998. One of Perfectway's large international financial institution customers drives tens of gigabytes of data through the Normalizer version 1.0 daily. Version 1.0's principal features are log data centralization to a security-hardened platform and log data format standardization. These features are particularly important to financial institution customers in light of the federal regulations.

The Company introduced version 2.0 in June 2001. Version 2.0 is presently used by several smaller financial firms. In version 2.0, the Company added object-oriented relational database queries and object code compilation to the log centralization and log normalization features.

Version 3.0 is scheduled for release in the spring of 2002. Version 3.0 will add self-contained appliance packaging and a rudimentary query engine with packaged pre-defined queries to the features already present in versions 1.0 and 2.0.


732.254.3929 | info@perfectway.com | Copyright 2003 Perfectway Corporation