The Enterasys Security Information and Event Manager (SIEM) product combines best-in-class detection methodologies with behavioral analysis and information from third party vulnerability assessment tools to provide the industry's most intelligent security management solution. Enterasys SIEM delivers actionable information to effectively manage the security posture for organizations of all sizes.
The challenge created by most threat detection systems is the volume of information they generate - making it difficult to determine which vulnerabilities require an immediate, high priority response. The Enterasys SIEM solution addresses this challenge and provides powerful tools that enable the security operations team to proactively manage complex IT security infrastructures.
The SIEM offers High Availability (HA) functionality that ensures availability of SIEM data in the event of a hardware or network failure. HA provides automatic failover and full disk replication between a primary and secondary host. The secondary host maintains the same data as the primary host by either replicating the data on the primary host or accessing shared external storage. At regular intervals the secondary host sends a heartbeat ping to the primary host to detect hardware or network failure. If the secondary host detects a failure, it automatically assumes all responsibilities of the primary host. The Enterasys SIEM HA functionality is easily and cost-effectively deployed through appliances and wizards without requiring additional fault management solutions and storage options.
SIEM all-in-one and enterprise base appliances
Enterasys SIEM all-in-one and base appliances deliver actionable security intelligence in a rack-mount, network-ready platform. With flexible deployment options, they provide on-board event collection and correlation, layer 7 traffic analysis, aggregation of flow data from multiple network connected devices, and a feature-rich management interface. Enterasys' SIEM all-in-one appliances provide easy deployment and cost efficient network monitoring for small offices or enterprise branches.
SIEM flow anomaly processor
The SIEM flow anomaly processor is an expansion unit for Enterasys SIEM. It offloads and enhances the processing of flow data from the base appliances and interfaces with behavioral flow sensors to collect IP traffic flow information from a broad range of devices.
SIEM event processor
The SIEM event processor is an expansion unit for Enterasys SIEM. It offloads and enhances processing of event data from the base appliances. Status events are collected from a broad array of network and security devices. The SIEM event processor can process up to 10,000 events per second and, for added flexibility, multiple event processors may be connected to a single base appliance.
SIEM combined event/flow anomaly processor
The SIEM combined event/flow anomaly processor is an expansion unit for Enterasys SIEM. It processes both flow data and event data. The combined processor supports 1,000 EPS and up to 50,000 FPM when fully licensed. Deployment of the combined event/flow anomaly processor enables a highly distributed enterprise to provide cost effective local event and flow collection. It is well suited as an introductory event and network activity processor for remote or branch offices.
SIEM network behavioral flow sensors
A network traffic flow is a sequence of packets that share common characteristics - such as source/destination IP address, source/destination TCP port, and IP protocol used. SIEM network behavioral flow sensors are deployed at strategic points in the network to collect IP traffic flow information from a broad range of networked devices. SIEM network behavioral flow sensors go beyond traditional flow-based data sources to enable application-layer flow analysis and anomaly detection. Deep packet and content inspection capabilities identify threats tunneled over standard protocols and ports.
SIEM virtual flow collectors
SIEM virtual flow collectors give the virtual network infrastructure the same visibility and functionality that SIEM network behavioral flow sensors provide for the physical environment. A SIEM virtual flow collector is a virtual appliance that enables the analysis of network behavior and layer 7 visibility within the enterprise's virtual infrastructure. SIEM virtual flow collectors support up to 10,000 flows per minute and monitoring of three virtual interfaces with one additional switch designated as the management interface.
SIEM console manager
For large deployments, the SIEM console manager distributes the collection and processing of flows and logs while maintaining a global view of the entire network. Console manager requires a minimum of one processor appliance.
Product Highlights
- Enables NOC and SOC staff to focus on actionable information rather than struggle to interpret millions of daily events generated by network security appliances, switches, routers, servers, and applications
- Uses advanced surveillance and forensics analysis to deliver situational awareness of both external and internal threats including inappropriate content, IM, file transfers, traffic from undesirable geographies, data theft, and malicious worm infections
- Leverages existing investments in network and security infrastructure while accelerating time to value through out-of-box functionality, rapid deployment, and staff efficiency gains
- Integrates with Enterasys Intrusion Prevention System (IPS), Network Access Control (NAC), and NMS automated security manager solutions to provide a unified, real-time view of the threat landscape and effectively detect, isolate, and automatically remediate threats
- Integrates with a broad array of third party security and network products, including firewalls and routers, for the highest level of visibility and protection
- Virtual flow collector allows the analysis of network behavior and enables layer 7 visibility within virtual infrastructures
- Meets the deployment requirements of the largest enterprises with modular component options and easily deployed high availability functionality