FAA turns to ArcSight for security event management

08.11.2005
The Federal Aviation Administration has just finished putting in place a new security event management system designed to help the agency detect and respond to external and internal threats more efficiently.

The new tool is based on a product from ArcSight Inc. called Enterprise Security Management (ESM) that allows the FAA to centrally monitor, collect and analyze information from multiple network security devices such as firewalls and intrusion-detection systems.

The tool is part of a broader FAA bid to bolster its network defenses and incident-response capabilities after the 9/11 terrorist attacks, according to Michael Brown, director of the Office of Information Systems Security at the FAA.

'We were looking for a way to manage the large volume of information coming from multiple [network] sources [and] do a lot of correlation and data reduction,' he said. The goal is to help the agency better manage the large amount of information generated by security systems, Brown said.

ArcSight's ESM, like other products in its class from vendors such as netForensics Inc., NetIQ Corp., and Intellitactics Inc., is designed to help organizations quickly sift through the torrent of data generated by multiple security devices, allowing them to focus on the events that are most important.

At the FAA, for instance, firewalls, system log files, vulnerability scanners and intrusion-detection systems together generate more than a million alerts a day -- only a very small fraction of which really merit any follow-up, Brown said.