Symantec Security Information Manager enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT risk and compliance requirements. It can collect and normalize a broad scope of event data and correlate the impact of incidents based on the criticality to business operations or level of compliance to various mandates. Incidents are prioritized using its built-in asset management function, which is populated using scanning tools and allows confidentiality, integrity, and response ratings and policies to be assigned to help prioritize incidents.
In addition to assigning priority to events, Symantec Security Information Manager can provide recommended best practices for response and remediation efforts. Automated updates from Symantec's Global Intelligence Network provide real-time information to the correlation process on the vulnerabilities and threats that are occurring across the rest of the world.
Symantec Security Information Manager can enable organizations to produce executive, technical, and audit-level reports that are highly effective at communicating risk levels and the security posture of the organization. Over 300 out-of-the-box queries are available for creating custom reports in Symantec Security Information Manager. Real-time correlation of network and host security breaches with Symantec's trusted global security intelligence makes it the vehicle for a world-class incident response system promoting the integrity of business-critical information assets. Security Information Manager can deliver a framework that automates the real-time collection, monitoring and assessment of audit mechanisms and security controls and can dramatically lower costs and improve the effectiveness of managing activities related to IT security and compliance risks.
Understanding security posture and meeting audit standards
Symantec Security Information Manager is a real-time security information management solution that collects, correlates, and stores event, vulnerability and compliance logs and documents the actions that your security staff takes to help keep your information systems secure. It provides compliance reporting that lets you and your auditors see, firsthand, the state of your security environment. These capabilities are crucial to helping your organization provide the accountability and transparency required to comply with stringent mandates and regulations.
Identity and access management
Symantec Security Information Manager can leverage information from existing security and compliance products to assist in monitoring identity and access activities. It can help organizations gain visibility into user access of systems and produce audit trails showing access and changes to critical applications and assets.
Log management and data retention
Symantec Security Information Manager enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT compliance requirements. Flexible archiving, querying and reporting provide organizations the means to manage logs from every source. Symantec Security Information Manager stores events in a collection of archive files within a specified location. The archive is implemented as a self-maintaining module that monitors disk usage and the age of individual archive files. Based on policy, when a specified maximum disk space is reached or files approach their expiration date, the system deletes old archives to make room for new ones. These files can be stored on the appliance, direct-attached storage (DAS), network-attached storage (NAS), or on a storage area network (SAN).
Symantec Security Information Manager helps organizations to collect, store and analyze log and intelligence data in order to identify and respond to critical malicious activities after, during or even before they occur. By combining existing protection and prevention device and application data with external intelligence on malicious activities occurring globally, it can deliver comprehensive insight into what incidents are occurring or are most likely to occur.
Assessing threats and security issues
Symantec Security Information Manager allows you to identify the threats you are most vulnerable to and provides remediation steps to address those threats in real time. It will also classify threats and security issues as they occur based on the effect those events will have on your business environment.
The first critical step in this process is to enable the broad collection of diverse data that is generated by existing security devices and applications. The inherent value of these investments is in the resulting intelligence that they can provide. Symantec Security Information Manager uses over 150 predefined source collectors and provides flexible options for customizing the additional collection of unique source logs. This enhanced collection process, combined with Symantec Security Information Manager's optimized archiving and event processing capabilities, provides a highly scalable ability to centralize large amounts of diverse log data.
Correlation based on priorities
Data aggregation enables many organizations to fulfill basic compliance requirements around data archiving and even sets the stage for rudimentary analysis of events occurring across their environment. Aggregation alone, however, provides no ability to set priorities based upon the criticality of these events. As such, it makes no relative distinction between an event involving a single desktop computer that might impact a single user and one involving a critical email gateway that could impact an entire organization. Symantec Security Information Manager allows organizations to prioritize such events automatically by employing a framework of rule-based correlation.
Intelligence to respond and take preemptive action
Security monitoring should not rely solely on events that have already occurred. In many cases, being aware of vulnerabilities that have not yet been exploited can give an organization the ability to take action prior to an event occurring. Symantec Security Information Manager helps customers establish such an early warning system and take preventive action.
User access monitoring
Many enterprises face the challenge of monitoring various data activities associated with user access. Privileged access policy violations and information access control are increasingly important areas for gaining visibility into improper behavior that can lead to compromised information. Symantec Security Information Manager can help keep track of user behaviors relative to sensitive data, changes in access privileges, failed login attempts and other events that can collectively indicate disruptive incidents.
Security services provisioning
Many midsized organizations and divisions of larger enterprises have requirements for managing security-related events and activities. Unfortunately, many of these customers are unable to secure the budget, resources and relevant skills to establish their own on-premises solution. As such, many are looking to third-party organizations to help them fulfill these requirements. Symantec Security Information Manager enables these third parties to deliver these capabilities on an as-needed basis.
Product Highlights
- Compliance and audit reporting
- Log retention and retrieval
- Real-time threat analysis
- Automated incident prioritization
- Incident remediation workflow
- Align security and compliance requirements with IT operations
- Meet compliance reporting requirements quickly and effectively
- Gain accurate and timely visibility into your security risk posture
- Increase IT staff productivity by prioritizing the most critical of security issues