Real-Time Event Detection, Aggregation and Normalization
Log File Life Preserver
With firewalls, routers, switches, IDS, IPS, VPN, anti-virus software and servers, most organizations are simply drowning in log files (and they don't even try to monitor workstation activity). Put an end to data overload once and for all with TriGeo SIM. TriGeo uses an event-centric normalization and correlation process that centralizes your logs and puts everything right at your fingertips.
TriGeo's focus on real-time data ensures that you have the critical data needed to act. When seconds count, you simply can't afford to wait for systems that depend on "polling" processes to gather statistical data like netflow. TriGeo uses a combination of proprietary agent technology and backbone integration to capture and correlate data from multiple layers and provide coverage from the perimeter to the endpoint.
Event Normalization
When your existing security products recognize an event, such as a port scan, they each produce alerts and log files in unique formats that are sometimes puzzling to decipher. Without TriGeo, an administrator would have to review multiple logs after the fact to determine that a scan had taken place. With TriGeo, these multiple events are correlated into one intelligible line of data that TriGeo can respond to in real time with automatic notification and/or active response, depending on a set of rules that you define. View the image for an example of TriGeo's event normalization process.

Event Correlation - The Heart of SIM
The ability to perform real-time event analysis and correlation is the single most important feature to evaluate when considering a security information management system. And that's a key strength of the TriGeo solution.
The millions of events flowing through management consoles would be virtually useless if it wasn't for the analysis and correlation used to identify, notify and respond to suspicious behavior, malicious activity and policy violations.
Powerful Rule Builder
While TriGeo ships with over 500 pre-built correlations, even the most powerful correlation engine would be useless if it was difficult to build rules and tune them to your specific environment. TriGeo's rule builder employs a patent-pending graphical interface that was designed so that anyone can use it.
TriGeo recognized that few organizations have the luxury of full-time security teams, and designed the rule builder so that front-line IT personnel could quickly and efficiently build rules that make their lives easier. Naturally, these include security-focused rules, but it's common to build rules that address the daily headaches of issues like account lockouts.
This specific example illustrates the ease with which TriGeo can examine an event, looking for discrete properties, and take a specific action.
In this case, we detect that someone has launched Solitaire, and immediately terminate the application. Naturally, far more elaborate correlations are possible, but this illustrates the tremendous ease with which they can be built - you won't find anything like it, anywhere on the market!

Policy-based Notification
Tell Me What's Happening
Few mid-sized organizations have the luxury of 24/7 Security Operation Centers, where technicians can wait for alerts to appear on management consoles.
In the real world, the IT staff is frequently on the move, and certainly can't count on being in front of the console to spot an important event. That's why automated notification is a critical component of TriGeo's security information management solution.
TriGeo SIM provides an intelligent, policy-based, notification system that's designed to get the right message to the right person at the right time.
Advanced features, such as event thresholds, ensure that you're notified when activity reaches a significant level, but not buried in continuous alerts. When a problem occurs, the last thing you need is your alert system spamming your email or cell phone.
TriGeo's Time of Day sensitivity and Environmental Awareness let you construct notification rules that are routed appropriately, based on when and where the event occurred. With a template-based design you can easily customize messages based on the type of event or destination device.

Active Response
Take Action Now
In a perfect world, all of your systems would be patched, there would be no such thing as a zero-day attack, worms wouldn't traverse the internet in a matter of minutes, and you'd actually get to take vacations.
The reality is that you face a highly automated enemy that will stop at nothing to exploit any weakness, so Automated Remediation is a technology that needs serious consideration.
As a SIM-based product, TriGeo has a unique view of the network. It can monitor data from firewalls, routers, switches, servers, workstations, IDS and even IPS products, and has the ability to spot patterns of behavior that could easily be missed by other network defence technologies.
For example, the IPS isn't going to spot log on attempts to administrative accounts or monitor the service process exit of your anti-virus software and correlate the source IP with rejected SMTP traffic from the firewall. Yet, that pattern is classic worm behavior, and an appropriate response may be to quarantine the workstation.
TriGeo's Automated Remediation through Intelligent Correlation™ empowers IT administrators with 24/7 policy enforcement and active network defence. TriGeo will notify, but when the situation warrants, TriGeo will act.
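To make the normalization and correlation ideas above concrete, here is an added example (not TriGeo's code) that maps three constructed log formats onto one common event schema and then applies the worm-pattern rule described above: failed logons to an administrative account, the anti-virus service exiting, and SMTP traffic from the same source rejected by the firewall, all within a short window. The log lines, agent names, hostnames and IP addresses are all constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines in three different native formats (hypothetical agents/devices).
RAW_LOGS = [
    "2009-03-02 10:00:01 winagent host=ws17 src=10.1.5.23 event=4625 user=Administrator",
    "2009-03-02 10:00:09 winagent host=ws17 src=10.1.5.23 event=4625 user=Administrator",
    '2009-03-02 10:00:30 avagent host=ws17 src=10.1.5.23 msg="service avengine exited"',
    "Mar  2 10:01:12 fw01 kernel: DENY TCP 10.1.5.23:3391 -> 203.0.113.9:25",
    "Mar  2 10:01:40 fw01 kernel: DENY TCP 10.1.5.23:3392 -> 203.0.113.10:25",
]

def _win_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def _syslog_ts(s):  # syslog carries no year; the constructed sample is from 2009
    return datetime.strptime("2009 " + s, "%Y %b %d %H:%M:%S")

# Each parser maps one native format onto the same normalized schema:
# {"ts": datetime, "src": source IP, "type": event name}
PARSERS = [
    (re.compile(r"^(\S+ \S+) winagent .* src=(\S+) event=4625 user=Administrator$"),
     lambda m: {"ts": _win_ts(m[1]), "src": m[2], "type": "admin_logon_fail"}),
    (re.compile(r'^(\S+ \S+) avagent .* src=(\S+) msg="service avengine exited"$'),
     lambda m: {"ts": _win_ts(m[1]), "src": m[2], "type": "av_stopped"}),
    (re.compile(r"^(\w{3}\s+\d+ \S+) fw01 kernel: DENY TCP (\S+):\d+ -> \S+:25$"),
     lambda m: {"ts": _syslog_ts(m[1]), "src": m[2], "type": "smtp_rejected"}),
]

def normalize(line):
    """Return the normalized event for a raw line, or None if no parser matches."""
    for pattern, build in PARSERS:
        m = pattern.match(line)
        if m:
            return build(m)
    return None

REQUIRED = {"admin_logon_fail", "av_stopped", "smtp_rejected"}

def correlate(events, window=timedelta(minutes=5)):
    """Fire one 'quarantine' action per source IP once all three event types
    are seen within `window`; the history is cleared after firing so repeated
    hits do not re-alert (a simple threshold to avoid alert spam)."""
    by_src, actions = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [e for e in by_src.get(ev["src"], []) if ev["ts"] - e["ts"] <= window]
        recent.append(ev)
        by_src[ev["src"]] = recent
        if REQUIRED <= {e["type"] for e in recent}:
            actions.append(("quarantine", ev["src"], ev["ts"]))
            by_src[ev["src"]] = []
    return actions

def run(lines=RAW_LOGS):
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)
```

Running `run()` on the sample yields five normalized events and a single quarantine action for 10.1.5.23 at the moment the first rejected SMTP connection completes the pattern.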
Reports
Whether you're complying with audits, delivering network security reports to management, or doing forensic analysis, TriGeo's reporting capabilities provide comprehensive network and security coverage. The reports console is based on the Crystal Reports engine, and we provide over 200 "Audit Proven" stock reports. Customers familiar with Crystal Reports can create their own reports or clone and modify any of the existing reports.
- Over 200 reports.
- High level reports provide graphical summaries.
- Detail reports support forensic analysis.
- Query tool filters report data with a few mouse clicks.
- Crystal Reports integration for easy custom report creation.
- Schedule reports to run daily, weekly, etc.
- Export reports to a variety of standard formats.
Bundled Intrusion Detection and Prevention
Fully Configured Intrusion Detection System (IDS)
The TriGeo SIM appliance comes bundled with an installed and fully configured version of Snort®, one of the market's leading IDS products. This product, while quite powerful, has traditionally been daunting to configure, deploy and maintain. Not any more. By bundling Snort with TriGeo we make it possible for many organizations to employ IDS for the first time, and to do so with no additional IT staff burden, on-going management, or cost.
Powerful Intrusion Prevention
TriGeo's unique Automated Remediation through Intelligent Correlation™ is the heart of a unique network defence technology. With over 500 pre-built correlation rules, TriGeo ships with one of the industry's most comprehensive libraries. These rules, combined with our extensive selection of Active Responses, drive our Intrusion Prevention capabilities.
TriGeo is the nerve center for the other defensive tools on the network. By communicating with and coordinating their actions, TriGeo delivers a unified network defence. This can include your perimeter IPS devices, routers and switches, or even the host operating systems. Here too, TriGeo offers extensive product coverage, unique two-way integration and the largest list of automated remediation functions.
Snort is a Registered Trademark of Sourcefire, Inc.
To find out more about TriGeo products call Phoenix Datacom on +44 (0)1296 397711, send an email or use the Request More Info form.