The company's Security Threat Manager suite is a pre-packaged version of existing OpenService products, including the NerveCenter 3.8 correlation engine, the SystemWatch Security Agent and a reporting engine from the Pulsar xSP service level management product. Users get a simplified view into all the tools via the Open Management Console, and the suite comes with a set of predefined correlation rules that users can customize as necessary.
"We've moved from a toolkit approach, where customers buy components and integrate them, to providing a single CD," with all the integration done ahead of time, says Phil Hollows, vice president of product marketing at OpenService, based in Westborough, Mass. "It saves lots of time and effort and hides complexity with a simplified user interface."
Security Threat Manager can collect and act on events coming from a range of resources. They include firewalls from Check Point, ISS, Cisco Systems and others; syslog and text files; events conforming to the Check Point OPSEC formats; and operating systems including Windows NT and 2000, Solaris, Linux and HP/UX.
The suite is focused on performing correlation in real time, as opposed to mining a database for related security events, Hollows says. It also uses a computational approach, where the SystemWatch Security Agents perform some event processing at the local level, to improve scalability. The agents perform data normalization and some filtering, to reduce data flows "by an order of magnitude or more," he says.
Among the new features included in the suite is a set of correlation rules that help users identify an attack by pulling together alert data from different sources. Wizards included in NerveCenter 3.8 also make it easier for users to write their own rules, Hollows says.
OpenService also seeks to point users to additional resources related to raw event data, such as a Cisco Web site containing data on how to handle an event coming from a Cisco IDS.
Security Threat Manager pricing depends on configuration, but Hollows says typical enterprise deployments cost between $100,000 and $400,000.