It’s widely accepted that Security Information and Event Management (SIEM) systems are excellent tools for regulatory compliance, log management and analysis, trouble-shooting and forensic analysis. What’s surprising to many is that this technology can play a significant role in actively defending networks. This whitepaper explains precisely how real-time analysis, combined with in-memory correlation, and automated notification and remediation capabilities can provide unprecedented network visibility, security and control.
Network Security
The Case for Security Information and Event Management (SIEM) in Proactive Network Defense
Information technology and security professionals are literally drowning in data. The devices and systems they've deployed to protect their organizations generate millions of events every day which are virtually impossible to analyze without automation. In spite of the complexity, this data must be analyzed - both to ensure the integrity of the customer, credit card, or patient data, and also to meet serious regulatory requirements and fiduciary responsibilities.

To be effective in network defense, and not just for forensic analysis, the network and security event data must also be analyzed and correlated in real-time. This information needs to be manageable and actionable as well. Forensics are not enough. Detecting and stopping today's zero-day, multi-vector and blended threats requires real-time, in-memory analytics that can capture, correlate and respond to network attacks and insider abuse - at network speed. There are numerous obstacles to performing this task efficiently, securely and with minimal personnel resources.

The information being analyzed from log files needs to be manageable and actionable. Forensics are not enough. Detecting and stopping today's zero-day, multi-vector and blended threats requires real-time, in-memory analytics that can capture, correlate and respond to network attacks and insider abuse - at network speed.

The first significant obstacle to real-time event correlation is the fact that none of the core defense technologies deployed in the classic defense-in-depth and best-of-breed model are designed to communicate with each other. They are simply point solutions and represent silos of information. The data from these disparate systems must be aggregated and normalized to a common taxonomy - effectively, a universal translator is required to map the French, German, Russian and Chinese of the various technologies into English.

Another major obstacle to real-time event correlation is the construction of the correlation rules. Few organizations think in terms of correlation rules, but they are certainly familiar with network policies and they can describe business rules and objectives. The challenge is to find a way to bridge their knowledge and objectives with the construction of correlation rules, without requiring IT personnel to become system programmers.

At TriGeo we took a unique approach to security information and event management (SIEM). Traditionally, the SIEM function was viewed as passive and forensic in nature. We recognized that SIEM sits in a unique position in the network, and its enterprise-wide view represented an opportunity to create a new network defense technology.

At the heart of that technology is the ability to perform real-time event analysis and correlation. The millions of events flowing through management consoles would be virtually meaningless if it weren't for the analysis and correlation used to identify, notify and respond to suspicious behavior, malicious activity and policy violations. In achieving our goal to deliver effective, affordable and usable real-time event correlation, TriGeo created truly innovative and ground-breaking technology. TriGeo has filed four patents around this core technological advantage, which is real-time event correlation and active response or threat mitigation. The primary attributes of this technology are described below:

The heart of security information and event management is correlation, and TriGeo's patent-pending technology operates entirely in memory. TriGeo's design suffers from none of the database bottlenecks of competing systems, which is critical in high-volume attack situations. As the only 64-bit SIEM appliance, TriGeo's multi-dimensional correlation engine can detect behavioral anomalies...
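The two obstacles described above, normalizing disparate log formats into a common taxonomy and turning a policy statement into a correlation rule that runs in memory, are illustrated by the following added example. It is not TriGeo's code and does not reflect its product; the two log formats, the field names of the common schema, and the sample log lines are all constructed for this illustration. The policy it encodes is "alert when a source address fails to authenticate three times within five minutes and then succeeds", evaluated over a sliding window kept in memory rather than in a database.

```python
"""Added illustration of log normalization plus in-memory correlation.
The vendor formats, schema and sample lines are constructed, not real products."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


# Common taxonomy: every source is translated onto these fields (the "English").
@dataclass
class Event:
    ts: datetime
    source: str      # which product produced the event
    category: str    # normalized category: auth_failure / auth_success
    src_ip: str
    user: str


# Two constructed vendor formats (illustrative regexes, not real product syntax).
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
FIREWALL_RE = re.compile(
    r"^(?P<ts>\S+) fw01 login (?P<result>DENY|ALLOW) user=(?P<user>\S+) src=(?P<ip>[\d.]+)"
)


def normalize(line: str):
    """Translate one raw line into the common taxonomy; None if unrecognised."""
    m = SSHD_RE.match(line)
    if m:
        cat = "auth_failure" if m["result"] == "Failed" else "auth_success"
        return Event(datetime.fromisoformat(m["ts"]), "sshd", cat, m["ip"], m["user"])
    m = FIREWALL_RE.match(line)
    if m:
        cat = "auth_failure" if m["result"] == "DENY" else "auth_success"
        return Event(datetime.fromisoformat(m["ts"]), "firewall", cat, m["ip"], m["user"])
    return None


class BruteForceThenSuccessRule:
    """Policy: alert when a source IP fails N times within window W, then succeeds.
    All state is a per-IP sliding window of failure timestamps held in memory."""

    def __init__(self, threshold=3, window=timedelta(minutes=5)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src_ip -> timestamps of failures

    def feed(self, ev: Event):
        """Return an alert dict if the rule fires on this event, else None."""
        q = self.failures[ev.src_ip]
        # Drop failures that have aged out of the sliding window.
        while q and ev.ts - q[0] > self.window:
            q.popleft()
        if ev.category == "auth_failure":
            q.append(ev.ts)
            return None
        if ev.category == "auth_success" and len(q) >= self.threshold:
            alert = {"rule": "brute_force_then_success", "src_ip": ev.src_ip,
                     "user": ev.user, "failures": len(q), "source": ev.source}
            q.clear()  # reset so the same burst is not reported twice
            return alert
        return None


def correlate(lines, rule=None):
    """Stream raw lines through normalization and the rule; return the alerts."""
    rule = rule or BruteForceThenSuccessRule()
    alerts = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue  # unparseable lines are skipped here; a real system would count them
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: one address fails on the firewall and on sshd, then succeeds
# on sshd. The cross-source pattern is only visible once both are normalized.
SAMPLE_LOGS = [
    "2024-01-01T10:00:01 fw01 login DENY user=admin src=203.0.113.7",
    "2024-01-01T10:00:09 sshd[811]: Failed password for invalid user root from 203.0.113.7 port 4411 ssh2",
    "2024-01-01T10:00:15 sshd[811]: Failed password for admin from 203.0.113.7 port 4412 ssh2",
    "2024-01-01T10:00:20 sshd[812]: Accepted password for admin from 203.0.113.7 port 4413 ssh2",
    "2024-01-01T10:30:00 sshd[900]: Accepted password for alice from 198.51.100.5 port 5000 ssh2",
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print("ALERT", a)
```

Running the block prints one alert for 203.0.113.7 with three failures; the later success from 198.51.100.5 does not fire because that address has no failures in its window. The rule class is the point of contact with the "business rule" obstacle: threshold and window are the only knobs an operator needs, and the translation from vendor syntax to the common schema is isolated in `normalize`, so adding a third source never touches the rule.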