Log Management SIM / SEM Justification
May 15, 2010
Background
Companies are suffering from an overwhelming influx of security data from an array of software and hardware solutions, including antivirus software, firewalls, intrusion detection systems, access control, identity management, single sign-on, authentication and many more. A typical enterprise has one or more of each of these solutions deployed, running on any number of hardware platforms and operating systems.
Each of these solutions collects and reports its security events in a different manner and format, generating a vast quantity of log data. As they seek to protect and enable their enterprises, security administrators are being inundated with messages and events — often millions per day. All this makes it nearly impossible to prioritize events and determine what level of attention they require, and it has led to a decrease in overall information security readiness.
In an on-demand computing environment, where systems are being dynamically reconfigured and deployed, it is critical to ensure the existence of a centralized security command and control console that can respond to real-time business priorities and address security information overload.
The Approach
The approach is a security management solution that reduces, aggregates, correlates and prioritizes disparate security data to help you manage “security information overload.” It allows you to monitor your security environment and manage your current security status, according to the user’s requirements, from a centralized location in real time — so you can make decisions, take action and produce the appropriate reports in a timely manner. Complete role-based situational and operational access provides a real-time view of the network’s security status, enabling a proactive approach to security through automated alerts and detailed reports.
An integrated security solution with a single security management enterprise-wide view brings the entire security theater to a single, web-based portal, allowing you to see only what you need to see, when you need to see it — improving incident response times and reducing exposure to new, emerging threats.
Challenges facing organizations:
Security information overload: millions of events are generated from disparate systems.
Lack of standards and integration between different vendors.
How to intelligently correlate information coming from a variety of elements so that false positives are reduced and alerts are prioritized based on the criticality of events?
How to determine whether there really is a problem (could it be a false positive?) and, if there is, what or who is causing it?
How to provide a simultaneous, role-based view of the data so that only the impacted organizations are alerted?
How to have a centralized, real-time view of all events and threats, with tools to mitigate the risks associated with them?
If the cause can be determined, how to decide what action to take:
  What assets (if any) are vulnerable?
  Does a patch exist, and if so, how is it applied?
  Is any external assistance (vendors, industry websites) available?
  Who to contact?
  What to shut down?
How to analyze historical information so that trends and patterns are identified and reported?
How can remediation actions be logged and tracked?
Bridge the gap between network / systems management and security management by providing visibility into network events within an enterprise SIM / SEM technology.
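As an added illustration of the reduce / aggregate / correlate / prioritize pipeline described under The Approach, and of the challenges listed above (collapsing duplicate events, telling a real problem from a false positive, scoring by asset criticality, and giving each organization a role-based view), the following Python script is example code written for this page; it is not a product's code or the author's own. The log lines, the asset inventory, the device names, the scoring weights and the three log formats are all constructed assumptions; real devices emit different formats, and a real SIM / SEM would load parsers and asset data from its own configuration and CMDB.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2010  # syslog lines carry no year; assumed for the constructed sample below

# Constructed sample: three sources, three formats, one attacker hitting one host.
RAW_LOGS = [
    "2010-05-15T10:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2010-05-15T10:00:02 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2010-05-15T10:00:03 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "May 15 10:00:05 ids01 ids: SSH brute force attempt 203.0.113.7 -> 10.0.0.5",
    "May 15 10:00:09 host05 sshd[22]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "May 15 10:00:11 host05 sshd[22]: Accepted password for admin from 203.0.113.7 port 51002 ssh2",
    "2010-05-15T10:30:00 fw01 DENY src=198.51.100.9 dst=10.0.0.40 dport=445",
]

# Constructed asset inventory: criticality 1 (low) .. 5 (high) and the owning organization.
ASSETS = {
    "10.0.0.5": {"name": "host05", "criticality": 5, "owner": "Finance"},
    "10.0.0.40": {"name": "host40", "criticality": 2, "owner": "Marketing"},
}

# Hypothetical vendor formats; each parser maps its format onto one common schema.
FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r"^(\w{3} \d+ [\d:]+) (\S+) ids: (.+?) (\S+) -> (\S+)$")
SSH_RE = re.compile(r"^(\w{3} \d+ [\d:]+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")


def _syslog_ts(text):
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def normalize(line):
    """Map one raw line from any source into the common event schema; None if unparsed."""
    m = FW_RE.match(line)
    if m:
        ts, dev, action, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "device": dev, "type": f"fw_{action.lower()}",
                "src": src, "dst": dst, "severity": 1, "detail": f"dport={dport}"}
    m = IDS_RE.match(line)
    if m:
        ts, dev, sig, src, dst = m.groups()
        return {"ts": _syslog_ts(ts), "device": dev, "type": "ids_alert",
                "src": src, "dst": dst, "severity": 3, "detail": sig}
    m = SSH_RE.match(line)
    if m:
        ts, host, result, user, src = m.groups()
        dst = next((ip for ip, a in ASSETS.items() if a["name"] == host), host)
        return {"ts": _syslog_ts(ts), "device": host, "type": f"auth_{result.lower()}",
                "src": src, "dst": dst, "severity": 2 if result == "Failed" else 1,
                "detail": f"user={user}"}
    return None


def reduce_events(events):
    """Reduce: collapse identical (type, src, dst, detail) events into one record with a count."""
    merged = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["type"], e["src"], e["dst"], e["detail"])
        if key in merged:
            merged[key]["count"] += 1
            merged[key]["last"] = e["ts"]
        else:
            merged[key] = dict(e, count=1, last=e["ts"])
    return list(merged.values())


def correlate(events, window=timedelta(minutes=10)):
    """Correlate by source IP inside a time window, then prioritize by asset criticality."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        start = evs[0]["ts"]
        group = [e for e in evs if e["ts"] - start <= window]
        types = {e["type"] for e in group}
        devices = {e["device"] for e in group}
        targets = {e["dst"] for e in group}
        crit = max(ASSETS.get(t, {}).get("criticality", 1) for t in targets)
        # Priority = strongest single signal weighted by the most critical asset touched,
        # plus a bonus when independent sources (firewall, IDS, host) agree on the same source.
        score = max(e["severity"] for e in group) * crit + 2 * (len(devices) - 1)
        verdict = "informational"          # a lone firewall deny is noise, not an incident
        if {"ids_alert", "auth_failed"} <= types:
            verdict = "confirmed_attack"   # two sources agree: not a false positive
            if "auth_accepted" in types:
                verdict = "possible_compromise"  # failures followed by success from the same source
                score += 10
        incidents.append({
            "src": src, "targets": sorted(targets), "score": score, "verdict": verdict,
            "owners": sorted({ASSETS.get(t, {}).get("owner", "unknown") for t in targets}),
            "sources": sorted(devices), "event_count": sum(e["count"] for e in group),
        })
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


def view_for_role(incidents, owner):
    """Role-based view: only incidents touching assets owned by the given organization."""
    return [i for i in incidents if owner in i["owners"]]


def run(lines=RAW_LOGS):
    events = [e for e in map(normalize, lines) if e]
    return correlate(reduce_events(events))


if __name__ == "__main__":
    for incident in run():
        print(incident)
```

Running the script prints two incidents ranked by score: the SSH brute force against the Finance-owned host (six raw events reduced to four records, three sources agreeing, verdict possible_compromise) sits far above the single firewall deny against the Marketing host, and view_for_role(run(), "Finance") returns only the first. Separating the parsers from the scoring is the point: each new device type needs only a parser, while the correlation and prioritization logic stays the same.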
www.bestitdocuments.com