Security Information & Event Management (SIEM)

Comprehensive Log Management for Enhanced Network Security and Compliance

With networks and systems as complex and interdependent as they are, security vulnerabilities are becoming harder to detect and control. External security threats can occur when malicious agents or groups launch denial of service or intrusion attempts via wired or wireless access or through malware propagation. Internal security threats are even more commonplace, with unauthorized users having the potential to gain access to sensitive information and devices. In fact, simple and inadvertent mistakes like leaving a logged-on application screen can become an easy entry point for rogue users to make unauthorized changes, compromise data protection and endanger network security. At the same time, privacy and regulatory rules are becoming more stringent, and organizations have to put in place adequate security measures to prove compliance, perform forensics and support law enforcement investigations if a breach does in fact happen.

The WhatsUp Event Log Management solution provides comprehensive support for security information and event management across the network, systems and application infrastructure. It collects, analyzes, stores, filters and reports on the volumes of log data constantly being generated by Windows, Unix and Linux systems or by routers, switches, firewalls and IPS/IDS devices. Since manual intervention and identification of security vulnerabilities and compliance breaches is impossible, WhatsUp Event Log products provide the automation and intelligence to undertake these tasks. Managers and compliance officers are assured of a database of log records that can be accessed and analyzed either to prevent a breach in near real-time or to define policies and processes that could avoid future incidents.

| SIEM Management Challenge | WhatsUp Gold Solution |
| --- | --- |
| Pre-empt and thwart security incidents as they happen | The WhatsUp Event Alarm system continuously monitors and analyzes Windows Event and Syslog records for identified threat patterns in near real-time and alerts administrators as required. |
| Deliver operational support for troubleshooting and compliance assurance | Rapid visualization and filtering of enormous volumes of raw log data is crucial for immediate operational response and triage. WhatsUp Event Rover provides the ability for on-the-fly reviewing and data mining of Windows event and Syslog files for operations and compliance support. |
| Establish security and log management policies | With the diversity of logs and log management methodologies across Windows and Syslog versions, WhatsUp Event Analyst delivers normalized reporting and benchmarking that is crucial for common understanding of security information and policy definition. |
| Log archival and compliance assessment | Infrastructure components constantly generate log messages reporting on changes and activity – whether routine or malicious. WhatsUp Event Archiver collects and stores high volume Windows event and Syslog files to support later forensic analysis and compliance audits. |