The Enterasys Security Information and Event Manager (SIEM) product combines best-in-class detection methodologies with behavioral analysis and information from third-party vulnerability assessment tools to provide the industry's most intelligent security management solution. Enterasys SIEM delivers actionable information to effectively manage the security posture of organizations of all sizes.
The challenge created by most threat detection systems is the volume of information they generate - making it difficult to determine which vulnerabilities require an immediate, high priority response. The Enterasys SIEM solution addresses this challenge and provides powerful tools that enable the security operations team to proactively manage complex IT security infrastructures.
SIEM base appliances
Enterasys SIEM base appliances deliver actionable security intelligence in a rack-mount, network-ready platform. They provide on-board event collection and correlation, Layer 7 traffic analysis, aggregation of flow data from multiple network connected devices, and a feature-rich management interface. With pre-installed software and web-based setup, SIEM appliances simplify the deployment and configuration of unified security management.
SIEM flow anomaly processor
The SIEM flow anomaly processor is an expansion unit for Enterasys SIEM. It offloads and enhances the processing of flow data from the DSIMBA7-LU appliance and interfaces with behavioral flow sensors to collect IP traffic flow information from a broad range of devices.
SIEM event processor
Status events are collected from a broad array of network and security devices - including router syslogs, SNMP events, and firewall events. Each SIEM event processor can process up to 10,000 events per second and, for added flexibility, multiple event processors may be connected to a single appliance.
SIEM network behavioral flow sensors
A network traffic flow is a sequence of packets that share common characteristics - such as source/destination IP address, source/destination TCP port, and IP protocol used. SIEM network behavioral flow sensors are deployed at strategic points in the network to collect IP traffic flow information from a broad range of networked devices - including switches, routers, security appliances, servers, and applications. SIEM network behavioral flow sensors go beyond traditional flow-based data sources to enable application-layer (L1-L7) flow analysis and anomaly detection. Deep packet and content inspection capabilities identify threats tunneled over standard protocols and ports.
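As an added illustration of the flow definition above (example code written for this page, not Enterasys software), the following Python groups constructed packet records into unidirectional 5-tuple flows, closes a flow after an idle gap, and summarises bytes per source address; the packet record layout and the 60-second idle timeout are assumptions.

```python
from collections import defaultdict

# Constructed sample packets (not a real capture):
# (timestamp_s, src_ip, dst_ip, ip_proto, src_port, dst_port, byte_count)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "192.0.2.10", "tcp", 51000, 443, 120),
    (0.01, "192.0.2.10", "10.0.0.5", "tcp", 443, 51000, 1400),
    (0.02, "10.0.0.5", "192.0.2.10", "tcp", 51000, 443, 80),
    (0.50, "10.0.0.7", "10.0.0.53", "udp", 40000, 53, 64),
    (0.51, "10.0.0.53", "10.0.0.7", "udp", 53, 40000, 120),
    (90.0, "10.0.0.5", "192.0.2.10", "tcp", 51000, 443, 200),  # after idle gap: new flow
]

def flow_key(pkt):
    """Unidirectional 5-tuple: src IP, dst IP, IP protocol, src port, dst port."""
    _, src, dst, proto, sport, dport, _ = pkt
    return (src, dst, proto, sport, dport)

def aggregate_flows(packets, idle_timeout=60.0):
    """Group packets into flows by 5-tuple. A gap longer than idle_timeout
    between packets of the same 5-tuple closes the flow and starts a new one
    (assumed timeout; real collectors make this configurable)."""
    flows = []
    open_flows = {}  # 5-tuple -> index of its currently open record in flows
    for pkt in sorted(packets, key=lambda p: p[0]):
        ts, size = pkt[0], pkt[6]
        key = flow_key(pkt)
        idx = open_flows.get(key)
        if idx is not None and ts - flows[idx]["last_seen"] > idle_timeout:
            idx = None  # expired; start a fresh flow record
        if idx is None:
            flows.append({"key": key, "first_seen": ts, "last_seen": ts,
                          "packets": 0, "bytes": 0})
            idx = len(flows) - 1
            open_flows[key] = idx
        rec = flows[idx]
        rec["packets"] += 1
        rec["bytes"] += size
        rec["last_seen"] = ts
    return flows

def top_talkers(flows, n=3):
    """Total bytes sent per source IP across all flows, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["key"][0]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
```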
SIEM virtual flow collectors
SIEM virtual flow collectors bring to the virtual network infrastructure the same visibility and functionality that SIEM network behavioral flow sensors provide for the physical environment. A SIEM virtual flow collector is a virtual appliance that enables the analysis of network behavior and Layer 7 visibility within the enterprise's virtual infrastructure. SIEM virtual flow collectors support up to 10,000 flows per minute and monitoring of three virtual interfaces, with one additional switch designated as the management interface.
SIEM console manager
For large deployments, the SIEM console manager distributes the collection and processing of flows and logs while maintaining a global view of the entire network. The console manager requires a minimum of one processor appliance. NBAD sensors are required for Layer 7 monitoring.
Product Highlights
- Enables NOC and SOC staff to focus on actionable information rather than struggle to interpret millions of daily events
- Uses advanced surveillance and forensics analysis to deliver situational awareness of both external and internal threats
- Leverages existing investments in network and security infrastructure while accelerating time to value through out-of-box functionality, rapid deployment, and staff efficiency gains
- Virtual flow collector allows the analysis of network behavior and enables Layer 7 visibility within virtual infrastructures
- Meets the deployment requirements of the largest enterprises with modular component options and easily deployed high availability functionality