
Spotlight Products (1)

AlienVault Unified Security Management by AlienVault

AlienVault Unified Security Management™ (USM) provides full-function Security Information and Event Management (SIEM) and log management software capabilities, with the added advantage of integrated host and network IDS, netflow analysis, and vulnerability assessment for complete security monitoring.

  • Provides log aggregation and storage plus full SIEM functionality with event correlation across all the built-in security tools
  • Includes network intrusion detection (NIDS), host-based intrusion detection (HIDS), and wireless intrusion detection (WIDS)
  • Combines asset discovery, vulnerability assessment, IDS, SIEM, and netflow analysis in one console
  • Utilizes real-time insights from OTX (AlienVault's Open Threat Exchange), based on crowd-sourced information on known malicious hosts
  • Stays current with continuous updates including new rule sets, signatures, reports, and more
  • Offers full threat context and step-by-step response guidance for attacks
  • Deploys and provides insights in less than an hour

Products (15)

SecureVue by EiQ Networks

SecureVue Log Management & SIEM provides industry-leading event and log collection, storage, correlation, reporting, and search functions. The solution supports a broad range of event sources including network infrastructure, security solutions, operating systems, and applications.

SecureVue improves on traditional log management by collecting and leveraging contextual information from additional networked systems, including vulnerability scanners, identity and access management systems, and network flow data. The SecureVue solution is also easily extended to support proprietary customer applications and legacy systems.

Hawkeye AP by Hexis Cyber Solutions

With the increase in sophisticated attacks and the explosion of big data, large enterprises and government organizations are seeking solutions with advanced data analysis capabilities to address the newfound need to collect, store, search, and analyze Big Data.

HawkEye AP, formerly Sensage's Log Management solution, delivers a distinctive approach to analytics and intelligence: a flexible event data collection process and a clustered, columnar-based event data warehouse.

HawkEye AP at a Glance:

Security Intelligence

  • Ability to perform sophisticated correlations and contextual investigations against large volumes of data over time
  • Open access allows users to query event data directly from the Business Intelligence tools they prefer using ODBC/JDBC interfaces
  • Out-of-the-box reporting and dashboard tools
  • Flexible querying via a SQL-driven query wizard
  • Rich reporting capabilities including ad hoc reporting and pre-defined report templates that meet specific regulatory compliance requirements

Event Data Collection

  • Agent-less collection of any event with a time stamp
  • Open architecture that interfaces with a variety of related technologies, including endpoints and network systems, storage, mobile solutions, other SIEMs, call center applications, etc.

Event Data Warehouse

  • Ability to store all event data in its native form, rather than metadata, an aggregation, or a normalized form – maintaining the integrity of the data for future use
  • Real-time ability to access terabytes of event data, without the need to extract from any archive – allowing for rapid response to investigations and queries
  • Massively Parallel Processing (MPP) enables linear scalability in handling large data volumes – highly compressed format reduces storage requirements

SolarWinds Log & Event Manager by SolarWinds

Log & Event Manager

“Just Right” SIEM for the Resource Sensitive Security Pro!

  • Gain the power of SIEM without hiring an army or spending a fortune
  • Increase security visibility with 24x7 automated monitoring and real-time analysis
  • Streamline audits and compliance reporting with expert-developed pre-packaged templates and automated log management
  • Stop external attacks and internal misuse in their tracks with extensive pre-configured response actions
  • Perform rapid root cause analysis with built-in intelligence and strong visualization across network, systems, applications and security

EventTracker Enterprise by EventTracker

Improve Security, Maintain Compliance and Increase Operational Efficiency

The common element in the continually changing security environment is the loss of control. Ownership no longer means security or trust. Information can be stolen, manipulated and altered. Threats are no longer just external; they can also be internal assets: employees who, unwittingly or deliberately, place the enterprise's security in jeopardy.

Regulated industries are under greater scrutiny and pressure to protect confidential information and sensitive data. Meeting compliance requirements can be a costly endeavor as time and resources are constrained.

With EventTracker Enterprise, organizations have complete visibility into their IT infrastructure: know what's happening now, what happened previously, and what changed, and stay compliant. EventTracker offers a high-level view but allows you to drill down to the most granular level, providing the information you need, whether you are in charge of overall implementation, security, and compliance, or focused on the details of events from specific devices.

IT Security

The new language of effective security requires us to treat all endpoints in the system (users, devices, packets, URLs) as potential vulnerabilities or hostiles.

Traditional security controls like firewalls and antivirus are no longer sufficient on their own: it is increasingly difficult to recognize when your enterprise has been breached or infected, and context is a necessary part of real-time security decisions. Organizations have different options to meet these turbulent and rapid changes, but adapting to the new security landscape requires a powerful and dynamic Security Information and Event Management (SIEM) and event log management solution that can deliver vital and actionable data.

EventTracker Enterprise makes your organization aware of potential security risks, so that internal or external threats can be identified and eliminated before they are exploited. It guarantees your organization has the ability to respond to a security incident and has the necessary data and tools for forensic analysis. The total time required to investigate and mitigate a security incident can be reduced by up to 75 percent, minimizing the potential exposure and costs.

Regulatory Compliance

EventTracker Enterprise empowers organizations to maintain regulatory compliance and simplifies the audit process, reducing audit times by up to 90%. Detailed reporting minimizes the time and effort to determine potential gaps in compliance requirements, and address them efficiently.

EventTracker Enterprise processes hundreds of millions of discrete log messages to distill the information critical to the organization and provides a 360° view of the entire IT infrastructure, offering real-time alerting and reporting. EventTracker allows organizations to maintain continuous compliance.

EventTracker Enterprise has built-in monitoring and reporting for FDCC, FFIEC, FISMA, GLBA, HIPAA, NERC, NISPOM, PCI-DSS and Sarbanes-Oxley (SOX 404).

IT Operations

EventTracker Enterprise greatly improves the efficiency and productivity of the IT staff by prioritizing operational incidents, and with real-time alerting, enables them to address the most critical incidents first.

RSA Security Analytics by EMC-RSA

Big Data Security

Capture massive amounts of diverse and rapidly changing security-relevant data – including network packets, logs, and asset information – and pivot on terabytes of data in real time, executing forensic investigations that once took days in just minutes.

High-Powered Analytics

Gain the insight to perform both short- and long-term free-form contextual analysis, eliminating blind spots and enabling security analysts to view and understand data better and faster than ever before.

Threat Intelligence

Fuse threat intelligence from the global security community and RSA FirstWatch with your organization’s data to know what to look for and leverage what others have already uncovered.

Compliance Support

Automate the generation of compliance reports and support long-term forensic analysis, proving compliance as an outcome of good security practices.

TIBCO LogLogic by Tibco

With the ability to process over 1,000,000 events per second from more than 10,000 devices, TIBCO LogLogic® prepares you to manage – and take advantage of – the explosive growth in machine data.

TIBCO® LogLogic is the only log management solution that offers you:

  • Enterprise Class Log Management: The ability to ingest, process, and display Machine Big Data from any source to create a universal platform for security, compliance, and IT operations.
  • Effortless Lifecycle: A plug-and-play, centrally managed platform automates the complete lifecycle of machine data.
  • Predictive Intelligence for Machine Big Data: A complete solution that empowers your organization to anticipate risks and uncover opportunities by interpreting machine data for intelligent search and visual analytics.

Key enterprise-class features give you:

  • Universal Machine Big Data Strategy: Provides the right data, at the right time, at the right cost, to the right systems required for compliance, security, IT operations and application management solutions.
  • Actionable Insight into Machine Big Data: Discovers patterns in Machine Big Data and real-time events to immediately identify strategic business opportunities or threats.
  • Unified Management of All Log Sources: Provides a centralized solution for managing enterprise-class machine-generated big data from all assets across the entire infrastructure, optimized to provide Logging as a Service (LaaS) for IT.
  • Fastest Time from Event to Action: Dramatically reduces the time and costs needed to uncover information within enterprise-level data volumes and react in real time.

Tenable Log Correlation Engine™ by Tenable Network Security

A Different Approach to SIEM

Tenable's security information and event management (SIEM) solution leverages the log management capabilities of the Log Correlation Engine (LCE) to collect all logs, software activity, user events, and network traffic. It analyzes all data for correlated events and impact on security and compliance posture. Event context and threat-list intelligence about any system is provided by Tenable Nessus vulnerability and configuration scans and real-time monitoring with the Tenable Passive Vulnerability Scanner (PVS).

  • Alerting - Configure and receive automatic alerts based on customized event thresholds.
  • Event Correlation - Multiple forms of event correlation are available for all events, including statistical anomalies, associating IDS events with vulnerabilities, and alerting on 'first time seen' events.
  • Log Normalization - Normalize, correlate, and analyze user and network activity from log data generated by any device or application across the enterprise in a central portal.
  • User Monitoring - Monitor user activity. Associate events such as a NetFlow record, an IDS detection, firewall log activity, a file access, a system error, or a login failure with specific users for easy reporting and insider threat detection.
  • Full Log Indexing & Search - All logs are compressed and stored, whether they are normalized according to a rule or left raw. Using full-text search, you can rapidly search logs for keywords, user names, IP addresses, and many other terms. Log searches are stored with an independent checksum and can be re-launched at any time.
  • NetFlow Analysis - Each instance of the Tenable LCE includes agents for many different platform technologies. They can collect NetFlow traffic logs from routers, switches, and other network devices.
  • Malware Detection - The Tenable LCE Windows client monitors all processes running on Windows machines for malware processes, and can alert the security team if malware is discovered.
  • Network Content Analysis - Analyze network traffic in real time with Tenable PVS. It produces an accurate vulnerability report and a real-time forensic log of network events such as shared files, DNS lookups, and social network activity.

NetIQ Sentinel by NetIQ

Pure Power. Serious Simplicity.

Here's a security solution that isn't as complex as the problem.

NetIQ Sentinel™ is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.

Smart SIEM features - The information you need at your fingertips. Government and internal audit policies mandate the need to collect, retain, and report against log data, but with so much information in so many different systems and formats, finding the information you need requires powerful ease of use.

Detects new threats quickly and easily - Sentinel 7 ships with packaged intelligence to detect many threats out of the box without time-consuming rule-writing and configuration. Built-in anomaly detection automatically establishes baselines of normal activity and detects changes that can represent emerging threats. New or custom rules can be created easily by business users through an intuitive graphical user interface.

Greater visibility into user activities - Understanding the "who, what, when, and where" of user system access is essential for controlling insider-based risks to information assets. Enriching security data with unique user identity information provides an enhanced level of user activity monitoring for greater visibility of internal threats to the environment.

Only need log management? - Sentinel Log Manager enables the collection, storage, analysis and management of IT infrastructure event and security logs, providing flexible and cost-efficient log management for mitigating risk and addressing compliance reporting needs.

Splunk App for Enterprise Security by Splunk

Splunk App for Enterprise Security

The Big Data Approach to Security Intelligence

Today's attackers have realized that many security teams simply can't see threats buried within operations data, due to organizational data silos, data collection issues, scalability challenges or a lack of analytics capabilities. They also have the resources to create attack scenarios that bypass security point products and traditional security information and event management (SIEM) systems. How can security professionals identify threats when they're hiding within terabytes of data generated through normal user activities?

Monitoring for known and unknown threats has become part of the revised security charter. Detecting advanced threats requires a flexible approach that can only be enabled by a scalable security intelligence platform. Splunk is able to make all data security-relevant, empowering the business and security teams to work together to create business-driven security and risk priorities. Only Splunk can turn tens of terabytes of data per day into information fueling comprehensive analysis of business risks.

LogRhythm Security Intelligence Platform by LogRhythm

SIEM with LogRhythm

Your infrastructure is increasingly under attack. The next generation SIEM capabilities delivered by LogRhythm's Security Intelligence Platform empower organizations to defend themselves from today’s rapidly evolving advanced cyber threats.

A New Standard in Security Information and Event Management

LogRhythm stands apart from first-generation SIEM solutions by fully integrating log management and SIEM capabilities with File Integrity Monitoring and Machine Analytics, combined with deep Host and Network Forensics. LogRhythm's next-generation SIEM analyzes all available log and machine data and combines it with deep forensic data capture at both the host and network level for true enterprise visibility. This insight is leveraged by AI Engine, LogRhythm's patented Machine Analytics technology, to deliver automated, continuous analysis of all activity observed within the environment. The integrated architecture ensures that when threats and breaches are detected, customers can quickly access a global view of activity, enabling exceptional security intelligence and rapid response.

LogRhythm's Next Gen SIEM platform delivers:

  • Real-time threat and breach detection and alerting
  • Advanced correlation and pattern recognition
  • User / Host / Network Behavior Anomaly Detection
  • Powerful search, rapid forensic analysis of all data
  • Data visualization for long-term trending
  • Workflow enabled automatic responses via SmartResponse™
  • Integrated case management
  • Continuous compliance assurance via out-of-the-box automation suites
  • Powerful, out-of-the-box security analytics modules

EventLog Analyzer by ManageEngine

EventLog Analyzer is an IT Compliance & Event Log Management Software for SIEM

Your organization's IT infrastructure generates a huge amount of logs every day, and these machine-generated logs contain vital information that can provide powerful insights and network security intelligence into user behavior, network anomalies, system downtime, policy violations, internal threats, regulatory compliance, and more. However, analyzing these event logs and syslogs manually, without automated log analyzer tools, can be both time-consuming and painful.

EventLog Analyzer provides the most cost-effective Security Information and Event Management (SIEM) software on the market. Using this Log Analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, searching, reporting, and archiving from one central location. This event log analyzer software helps to mitigate internal threats, monitor file integrity, conduct log forensics analysis, monitor privileged users and comply with the requirements of different regulatory bodies by intelligently analyzing your logs and instantly generating a variety of reports, such as user activity reports, regulatory compliance reports, historical trend reports, and more.

Trustwave SIEM by Trustwave

Trustwave SIEM Portfolio

SIEM technologies are helping businesses improve compliance management and safeguard themselves from data breaches and fraud. The core benefits of our SIEM solutions are proactively "seeing" and preparing for evolving, advanced, and persistent threats, and minimizing the impact of those threats by enabling you to collect, analyze, and assess security and non-security events for rapid identification, prioritization, and response.

Reduce Cost and Enhance Security

When you choose a Trustwave Security Information and Event Management (SIEM) solution to monitor and protect your data, you get superior quality and mature security and compliance coverage.

A Unified Security Approach

Trustwave SIEM solutions help businesses of all sizes protect their environment as part of both organizational compliance and defense-in-depth security strategies. We offer a variety of SIEM deployment options including software, managed security services and appliances that:

  • Are engineered and designed to address the full breadth of needs – from log management to sophisticated enterprise security demands.
  • Can scale from a single business site to multiple global 24x7x365 Security Operations Centers.
  • Function as the nerve center of your unified security approach, enabling other products to share intelligence and events that uncover threats that single, point products miss.
  • Include big data intelligent security capabilities as well as interoperability that enable flexible architectures and meet the toughest business, compliance, and technical requirements.

Enterprise Security Manager by McAfee

Effective security starts with real-time visibility into all activity on all systems, networks, databases, and applications. McAfee Enterprise Security Manager enables your business with true, real-time situational awareness and the speed and scale required to identify critical threats, respond intelligently, and ensure continuous compliance monitoring. Security teams now have access to real-time, risk-relevant information to obtain a stronger security posture while shortening response time.

Advanced risk and threat detection — Enterprise Security Manager connects evolving threat data with a real-time understanding of the risk, asset importance, and security posture throughout the enterprise. This dynamic context, combined with our highly intelligent correlation engine, provides risk scoring and threat prioritization that continually adapts to the enterprise environment. In addition, available integration with McAfee Global Threat Intelligence (GTI) and McAfee ePolicy Orchestrator (McAfee ePO) software helps you detect, correlate, and remediate threats in minutes across your entire IT infrastructure.

Policy-aware compliance management — As compliance requirements evolve, so must your SIEM. Enterprise Security Manager makes compliance management easy with hundreds of pre-built dashboards, complete audit trails, and reports for PCI DSS, HIPAA, NERC-CIP, FISMA, GLBA, SOX, and others. Our support for the Unified Control Framework also allows you to report your policies against more than 240 global regulations and control frameworks.

Critical facts in minutes, not hours — Our highly tuned appliance can collect, process, and correlate billions of events from multiple years and keep all information available locally for immediate ad hoc queries, forensics, rules validation, and compliance.

Global Threat Intelligence — An optional live feed of McAfee GTI IP Reputation data provides valuable, real-time information on external threats gathered from hundreds of millions of sensors around the globe, allowing you to pinpoint malicious activity on your network. Enterprise Security Manager can use the GTI IP Reputation data to quickly identify conditions where an internal host has communicated with a known bad actor.

IBM QRadar Security Intelligence Platform by IBM

Advanced software to detect and defend against network security threats

IBM® QRadar® Security Intelligence Platform products provide a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics and configuration and vulnerability management. These products offer advanced threat detection, greater ease of use and lower total cost of ownership.

IBM QRadar Security Intelligence Platform products deliver:

  • A single architecture for analyzing log, flow, vulnerability, user and asset data.
  • Near real-time correlation and behavioral anomaly detection to identify high-risk threats.
  • High-priority incident detection among billions of data points.
  • Full visibility into network, application and user activity.
  • Automated regulatory compliance with collection, correlation and reporting capabilities.

ArcSight ESM by HP

HP ArcSight Enterprise Security Manager (ESM) provides a Big Data analytics approach to enterprise security, transforming Big Data into actionable intelligence that can reduce the cost of a breach and help minimize risk to the business.

In order for businesses to protect their critical data and intellectual assets, security teams need solutions that can provide timely, relevant intelligence to help them quickly detect and respond to breaches. Data volumes have exploded, making it difficult to identify the high-risk anomalies or trends that exist in your event logs. Cyber criminals have become more sophisticated, camouflaging their attacks inside mountains of your data.

Without the right tools, organizations cannot respond quickly, losing valuable time through inefficient analysis of forensic data after a breach. Most often, companies find out about breaches when they are notified by a third party, unaware their security systems had been compromised.