SIEM products use data aggregation and event correlation features similar to those of network-management software products, but apply them to event logs generated by security devices such as firewalls, routers, proxy servers, intrusion-detection systems, email programs and antivirus software. SIEM products typically normalize data in order to apply user-created rules or out-of-the-box rules. Typically, SIEM solutions will translate events such as Cisco and Check Point Software alerts into a common format so the data can be correlated. Like network-management software, SIEM tools generally consist of server software, agents installed either on servers or security devices, and a central management console. SIEM solutions may include an appliance installed on a network for collection.
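To make the normalize-then-correlate idea above concrete, here is an added example (not code from the page or from any vendor named on it). It assumes two constructed, hypothetical log formats, one firewall-style and one proxy-style; they are not any real product's syslog format. Each line is mapped onto one common schema, and a single correlation rule is then run over the unified stream: alert when one source IP is blocked several times, by more than one device, inside a sliding time window. The rule would not be expressible over the raw lines, because the two devices spell "source address" and "blocked" differently.

```python
"""Toy SIEM pipeline: normalize heterogeneous device logs into one schema,
then run a correlation rule over the normalized stream.

The log formats, device names and field names below are constructed for
this example; they do not reproduce any real vendor's output."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input in two made-up device formats (firewall, proxy).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 fw-a DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:05 proxy-b BLOCK client=203.0.113.7 url=http://example.test/a",
    "2024-03-01T10:00:09 fw-a DENY src=203.0.113.7 dst=10.0.0.6 dport=3389",
    "2024-03-01T10:00:12 fw-a ALLOW src=198.51.100.2 dst=10.0.0.5 dport=443",
    "2024-03-01T10:03:30 proxy-b BLOCK client=198.51.100.9 url=http://example.test/b",
    "2024-03-01T10:20:00 fw-a DENY src=203.0.113.7 dst=10.0.0.7 dport=445",
]

# One regex per hypothetical device format; named groups are the fields kept.
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<action>DENY|ALLOW) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<action>BLOCK|PASS) "
    r"client=(?P<src>\S+) url=(?P<url>\S+)$")

# Vendor-specific verbs collapse onto a common action vocabulary.
ACTION_MAP = {"DENY": "blocked", "BLOCK": "blocked",
              "ALLOW": "allowed", "PASS": "allowed"}


def normalize(line):
    """Map one raw line onto the common schema; None for unrecognised formats."""
    for rx in (FW_RE, PROXY_RE):
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return {
                "ts": datetime.fromisoformat(d["ts"]),
                "device": d["device"],
                "src_ip": d["src"],
                "action": ACTION_MAP[d["action"]],
                # the firewall reports a destination, the proxy a URL
                "detail": d.get("dst") or d.get("url"),
            }
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` 'blocked' events from one source IP, seen by
    at least two distinct devices, within a sliding `window`. Fires once per IP."""
    events = sorted(events, key=lambda e: e["ts"])
    recent = defaultdict(deque)   # src_ip -> deque of (ts, device) inside window
    alerts, fired = [], set()
    for e in events:
        if e["action"] != "blocked":
            continue
        q = recent[e["src_ip"]]
        q.append((e["ts"], e["device"]))
        while q and e["ts"] - q[0][0] > window:   # drop events older than window
            q.popleft()
        devices = {dev for _, dev in q}
        if len(q) >= threshold and len(devices) >= 2 and e["src_ip"] not in fired:
            fired.add(e["src_ip"])
            alerts.append({"src_ip": e["src_ip"], "count": len(q),
                           "devices": sorted(devices), "last_seen": e["ts"]})
    return alerts


def run(lines):
    """Normalize every line that parses, then apply the correlation rule."""
    events = [ev for ev in (normalize(ln) for ln in lines) if ev]
    return events, correlate(events)


if __name__ == "__main__":
    _, found = run(SAMPLE_LOGS)
    for alert in found:
        print(alert)
```

On the constructed input the rule fires once, for 203.0.113.7, after its third block in nine seconds across the firewall and the proxy; the later 10:20 denial falls outside the window and the earlier alert is not repeated. Lines that match neither parser are dropped, which is the point the text makes about inventory: a device the normalizer does not understand simply never reaches the rules.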
The products below automate the manual process of collecting event-log data from file systems, security appliances and other network devices like firewalls, routers, proxy servers, intrusion-detection systems, anti-virus software, in-line content filters, scanners, biometric devices, crypto suites and sensors. Before choosing a specific SIEM product you need an accurate inventory of what you have. If the SIEM vendor can't monitor all your devices, you will need to collect the data manually or use more than one tool.
The ROI for such systems is based on the time savings and additional productivity in having a single view of your security events and helping you to quickly spot problems through alerting and messaging. Deep forensics of specific events along with storage and archival of events are other factors to consider. Another major benefit of SEM is in helping you create reports for regulatory compliance.
Activeworx Security Center - Editors’ Pick
CrossTec Corporation - Security Products Division
6812 Old 28th Street, Suite 4
Grand Rapids, MI 49546
Sales Telephone: 616-949-2177 - Toll Free: 877-512-4134
www.CrossTecCorp.com/ActiveWorx
services@CrossTecCorp.com
Starting at just $4,900, Activeworx Security Center does most of what the more expensive products do at a much lower price point and offers free technical support. ASC’s new Activeworx Event Framework (AEF) collects events from virtually any device on your network into a single view. This allows for advanced tracking, searching, relationship graphing, and relationship diagramming of an organization’s security posture. Activeworx features built-in detailed reporting capabilities which enable security administrators to quickly generate reports for investigative or compliance purposes such as those required by PCI, GLBA, HIPAA, and Sarbanes-Oxley. These reports detail the overall security posture, provide historical reporting and report on any incidents of interest.
Activeworx supports over 200 different security devices, and their technical support will map and normalize the log data of new devices during the evaluation period, normally with a one-day turnaround. Activeworx began as, and still offers, a free tool for monitoring a single Snort (tm) IDS sensor and for Honeynets (activeworx.org).
The commercial version of Activeworx provides real-time monitoring of security events, alerting and messaging of issues, and offers forensic tools to delve into specific events. Activeworx is ideal for most mid- to large-size organizations and managed security service providers. Large and multisite networks can have logs/data source traffic added automatically via VPN, VLAN, etc. Snort syslog configuration and functionality is a particular strength of ActiveWorx.
www.CrossTecCorp.com
Download product brochure:
http://www.crossteccorp.com/activeworx/ASC%20ctc.pdf