Alcatel-Lucent unveils unique service risk management tool that assesses network vulnerability and provides prioritized recommendations

Alcatel-Lucent (Euronext Paris and NYSE: ALU) has unveiled the Alcatel-Lucent Service Risk Management (SRM) product, a unique technology geared to support the security needs of carriers, managed security service providers and medium-to-large enterprises. It significantly reduces the time and operational costs associated with identifying security vulnerabilities, enabling companies to more quickly deploy remediation activities.

Alcatel-Lucent’s security management system leverages information inherent in the operating support systems and IT systems of service providers and enterprises to instantly assess the potential impact of threats identified by the Alcatel-Lucent Threat Management Centre to network security. The centre offers threat management services that provide vulnerability detection, security monitoring and incident response capabilities, which leverage Alcatel-Lucent’s experience as the co-founder and operator of the Computer Emergency Response Team – Industry, Services and Tertiary (CERT-IST).

The SRM is being showcased in live demonstrations at TeleManagement World in Nice May 20-24.

This comprehensive scalable security solution was developed in response to the broad deployment of feature-rich services by carrier and large enterprises and their need for an expanded level of network vulnerability assessments.

The solution is an intelligent risk analysis engine that maps the known infrastructure (Information Technology and Network Technology) assets to a vulnerability database. The vulnerability database is maintained through regular updates from the Alcatel-Lucent Threat Management Centre. Using information available in the OSS, Network Management Systems (NMS) and IT Management Systems, the SRM creates a service level view of the assets and network topology based on real business needs of the organization. As vulnerabilities and security exposure are identified in the network, the potential impact is ranked and prioritized according to those business needs. Using this tool, security staff can rapidly pinpoint the key set of vulnerabilities and setup a plan for remediation efforts.

Other systems and applications available for vulnerability assessment and management today tend to rely on scanning techniques to identify the potential security vulnerabilities. While an effective scanning approach is critical to a comprehensive security solution, it is not a solution that can be used network wide on a daily basis. With more than 20 vulnerability advisories being published on a daily basis, to be effective vulnerability assessment and management need to move beyond periodic scanning techniques and make use of effective inventory and configuration data that can be referenced immediately. The SRM is the first solution to address the needs of the carrier and enterprise in this way.

“As carriers and service providers expand their product portfolio to offer feature-rich triple-play services, the systems and applications they run will be increasingly exposed to security vulnerabilities. Customers will have access to high-definition content through legitimate services,” said Doug Wiemer, Director of the SRM project within Alcatel-Lucent Ventures. “Hackers, on-the-other-hand, must be prevented from leveraging the potential for exposure of these systems to abuse. The SRM was developed to help optimize the efforts of vulnerability management, reduce the risk of security exposure and reduce the operational costs associated to securing the infrastructure.”

The concept of SRM was initially conceived as a collaborative research project between Defense Research and Development Canada (DRDC) and the Alcatel-Lucent Research and Innovation center in Canada. The research project was incubated by Alcatel-Lucent Ventures - an initiative to commercialize unique innovations out of Alcatel-Lucent’s research community. The SRM product is expected to be generally available in the third quarter of 2007.

“The SRM is based on risk and vulnerability management research that was conducted in collaboration with Defence Research and Development Canada, under the Defence Industrial Research Program. The successful research phase resulted in methods to link security exposure to mission or service delivery risk management,” said Dr. Julie Lefebvre, head of the Network Information Operations section at DRDC. “The ability to have near-real-time understanding of security vulnerability exposure, rather than waiting for the next periodic scan, was also very interesting for defence research.”

Interoperable with Third-Party Solutions

The SRM is interoperable with third party OSS, NMS and IT Management systems for asset and inventory management. An open application programming interface (API) has been developed to facilitate rapid integration and deployment in any network and IT environment where OSS, NMS, inventory systems or configuration management systems are used.