. : Perimeter Security Solutions – Security Incident Event Management
TriGeo is a Security Information Management (SIM) solution that integrates your existing network security products and operating systems and collects their data in real-time, then aggregates, correlates, and filters the data into a central control console.
TriGeo's patent-pending technology delivers a policy enforcement engine where administrators have total control of TriGeo's Automated Remediation capabilities. The result is a truly proactive approach to network security.
Real-Time Event Detection, Aggregation and Normalization - Log File Life Preserver
With firewalls, routers, switches, IDS, IPS, VPN, anti-virus software and servers, most organizations are simply drowning in log files (and they don't even try to monitor workstation activity). Put an end to data overload once and for all with TriGeo SIM. TriGeo uses an event-centric normalization and a correlation process that centralizes your logs and puts everything right at your fingertips.
TriGeo's focus on real-time data ensures that you have the critical data needed to act. When seconds count, you simply can't afford to wait for systems that depend on "polling" processes to gather statistical data like netflow. TriGeo uses a combination of proprietary agent technology and backbone integration to capture and correlate data from multiple layers and provide coverage from the perimeter to the endpoint.
When your existing security products recognize an event, such as a port scan, they each produce alerts and log files in unique formats that are sometimes puzzling to decipher. Without TriGeo, an administrator would review multiple logs to determine that the scan took place after it occurred. With TriGeo, these multiple events are correlated into one intelligible line of data that TriGeo can respond to in real-time with auto notification and/or active response, depending on a set of rules that you define. View the image for an example of TriGeo's event normalization process.
Event Correlation - The Heart of SIM
The ability to perform real-time event analysis and correlation is the single most important feature to evaluate when considering a security information management system. The millions of events flowing through management consoles would be virtually useless if it wasn't for the analysis and correlation used to identify, notify and respond to suspicious behavior, malicious activity and policy violations.
Powerful Rule Builder
While TriGeo ships with over 500 pre-built correlations, even the most powerful correlation engine would be useless if it was difficult to build rules and tune them to your specific environment. TriGeo's rule builder employs a patent-pending graphical interface that was designed so that anyone can use it.
Now, you can see it for yourself...
Click the image on the above and watch as we construct a simple rule in under 60 seconds.
This specific example illustrates the ease with which TriGeo can examine an event, looking for discrete properties, and take a specific action. In this case, we detect that someone has launched Solitaire, and immediately terminate the application. Naturally, far more elaborate correlations are possible, but this illustrates the tremendous ease with which they can be built - you won't find anything like it, anywhere on the market!
TriGeo recognized that few organizations have the luxury of full-time security teams, and designed the rule builder so that front-line IT personnel could quickly and efficiently build rules that make their lives easier. Naturally, these include security-focused rules, but it's common to build rules that address the daily headaches of issues like account lockouts.
TriGeo's EPIC Technology
TriGeo's event correlation, known as EPIC (Effective Policy through Intelligent Correlation), is patent-pending technology designed specifically for high-performance, real-time analysis and multi-dimensional correlation. TriGeo is the only SIM product on the market using 64bit, in-memory, technology to deliver multiple-event, field-level, non-linear correlation.
TriGeo Event Correlation Highlights:
- Real-Time Event Analysis
- In-Memory Processing
- Multiple-Event Correlation
- Non-Linear Correlation
- Environmental Awareness
- Intuitive Graphical Interface
- Arsenal of Active Reponses
- Policy-Based Notification
Tell Me What's Happening
Few mid-sized organizations have the luxury of 24/7 Security Operation Centers, where technicians can wait for alerts to appear on management consoles. In the real world, the IT staff is frequently on the move, and certainly can't count on being in front of the console to spot an important event. That's why automated notification is a critical component of TriGeo's security information management solution.
TriGeo SIM provides an intelligent, policy-based, notification system that's designed to get the right message to the right person at the right time. Advanced features, such as event thresholds, ensure that you're notified when activity reaches a significant level, but not buried in continuous alerts. When a problem occurs, the last thing you need is your alert system spamming your email or cell phone.
TriGeo's Time of Day sensitivity and Environmental Awareness lets you construct notification rules that are routed appropriately, based on when and where the event occurred. With a template-based design you can easily customize messages based on the type of event or destination device.
Active Response - Take Action Now
As a SIM-based product TriGeo has a unique view of the network. It can monitor data from firewalls, routers, switches, servers, workstations, IDS and even IPS products, and has the ability to spot patterns of behavior that could easily be missed by other network defense technologies. For example, the IPS isn't going to spot log on attempts to administrative accounts or monitor the service process exit of your anti-virus software and correlate the source IP with rejected SMTP traffic from the firewall. Yet, that pattern is classic worm behavior, and an appropriate response may be to quarantine the workstation.
TriGeo's Automated Remediation through Intelligent Correlation™ empowers IT administrators with 24/7 policy enforcement and active network defense. TriGeo will notify, but when the situation warrants, TriGeo will act.
For more information:
Resource documents:: http://www.trigeo.com/publications/
TriGeo Weekly webinars: http://www.trigeo.com/demo/
Check Point, www.checkpoint.com
Solution Overview: Eventia Analyzer & Reporter
With Eventia Analyzer, security teams no longer need to comb through the massive amount of data generated by the devices in their environment. Instead, they can focus on deploying resources on the threats that pose the greatest risk to their business.
Eventia Reporter turns the vast amount of data collected from security and network devices into understandable information that organizations can use to validate the effectiveness of security policies and practices, plan network capacity, and maximize their security investment.
Eventia Reporter centralizes reporting on network, security, and user activity and consolidates the data into concise predefined and custom-built reports. Easy report generation and automatic distribution save time and money.
- Translates security events into action items
- Quickly identifies previously undetectable activity
- Reduces business risk by responding in real-time
- Prioritizes resources to address the most critical threats
- Easily installs and deploys for low TCO
- Generates increased value from current security investments
For more Information:
NGX Info Center
Sample reports: http://www.checkpoint.com/products/er/er_samples.html
McAfee ePolicy Orchestrator - Enforce and monitor your system's security
Coordinate your defense against malicious threats and attacks with McAfee® ePolicy Orchestrator®. As your central security management hub, it helps you keep protection up to date; configure and enforce protection policies; and monitor security status. Do it all from one centralized console.
- Noncompliant system detection - Lower your risks due to noncompliant systems; ePolicy Orchestrator alerts you when such systems are connected to your network
- Patch compliance and reporting - Search for a file, service, registry key, or specific Microsoft patch; monitor compliance by viewing detailed graphical reports
- Virus tracking and notification - Track new anti-virus security updates every hour and deploy them to appropriate systems; ePolicy Orchestrator does it all without anyone's intervention
- Automatic and fast global updating - Distribute updates efficiently and quickly, so that you can respond to new and emerging threats more quickly
McAfee Policy Enforcer network access control - Protect your network and your business from noncompliant systems
One infected or noncompliant system on your network can disable your business, damage your reputation, or subject you to regulatory fines. McAfee® Policy Enforcer network access control (NAC) reduces this risk by limiting network access only to systems that comply with your security policies.
- Discovers noncompliant systems - Detect both managed and unmanaged systems that could cause harm to your network and its users
- Comprehensive system checks - Quickly and easily assess the compliance of quarantined unmanaged systems with McAfee NAC's agent-on-demand
- Broad enforcement - Get built-in enforcement for managed and unmanaged systems connected locally or remotely (LAN, WAN, IPSec, VPN, or SSL); McAfee NAC also provides integration with third-party enforcement framework methods like Cisco Network Admission Control
- Centralized management and control - Manage and control access to your network, along with your other system security products, through a single console with McAfee Policy Enforcer and McAfee® ePolicy Orchestrator®; define policies and get centralized reporting of failed compliance checks and remediation action from the ePO™ console
- Integrates with Cisco ® NAC - Supports Cisco NAC-enabled switches, routers, and VPN gateways; McAfee NAC provides policy definition, system assessment, and remediation, and Cisco NAC offers system detection and enforcement
- Automated remediation options - Offers automated self-remediation through McAfee Total Protection - Advanced and third-party solutions; users can also be directed to a remediation portal where the administrator can recommend specific action
For more information:
McAfee ePolicy Orchestrator Datasheet:
McAfee Policy Enforcer Datasheet:
To know more about any of Secure Datacom’s Security Solutions, contact your SDI salesperson or email us.