Security Analytics& Response Orchestration

Industry News:

Enorasys SIEM

Real-time Security Intelligence Enorasys SIEM system is based on IBM’s QRadar, Next Generation SIEM technology, providing a scalable solution for both log management and real time security analysis. With log management, advanced threat detection and policy-aware compliance management all combined in our NG SIEM system, organizations benefit with a tightly integrated solution that quickly and easily delivers corporate-wide security intelligence.

Enorasys SIEM system dramatically expands visibility into network activity, user activity and application activity, giving unprecedented intelligence into potential offense sources across the entire network. Ease-of-use in setup and maintenance is among Enorasys SIEM key strengths and competitive advantages compared to other SIEM solutions. Through a combination of embedded SIEM use-case knowledge, security intelligence and advanced automation Enorasys SIEM system significantly simplifies and minimizes deployment and support tasks.

Contact Encode

Benefits

Real-time visibility for threat detection and prioritization

Provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.

Reducing and prioritizing alerts to focus investigations into actionable offenses

Automatically discovers most network log source devices and inspects network flow data to find and classify valid hosts and server assets on the network, tracking the applications, protocols, services and ports they use. The Enorasys SIEM collects, stores and analyses this data and performs real-time event correlation for use in threat detection and compliance reporting and auditing. Billions of events and flows can therefore be reduced and prioritized into a handful of actionable offenses, according to their business impact.

Gaining application visibility and anomaly detection

Encode’s NG SIEM system dynamically learns, network and application, behavioral patterns and can notify on anomalous activity that might signify a security incident. For that purpose Enorasys SIEM supports a variety of anomaly detection capabilities to identify changes in behavior affecting applications, hosts, servers and areas of the network. This behavior analysis can be performed on both events and network activity.

Producing detailed data access and user activity reports to manage compliance

The SIEM provides the transparency, accountability and measurability critical to an organization’s success in meeting regulatory mandates and reporting on compliance. Its ability to correlate and integrate surveillance feeds yields more complete metrics reporting on IT risks for auditors, as well as hundreds of reports and rules templates to address industry compliance requirements.

Driving simplicity and accelerated time to value

Ease-of-use in setup and maintenance is among Enorasys SIEM key strengths and competitive advantages compared to other SIEM solutions. Through a combination of embedded SIEM use-case knowledge, security intelligence and advanced automation Enorasys SIEM system significantly simplifies and minimizes deployment and support tasks.

Key Features

Real-time monitoring

Provides an integrated view of the threat environment using NetFlow and direct network traffic monitoring, in combination with log-based event sources.

Threat intelligence

Provides an auto update service that maintains current threat information (such as top targeted ports, botnets, emerging threats, bogon IPs, hostile nets, darknets and anonymous proxy) from various security/threat sources on the Internet as well as an integration with IBM X-Force IP Reputation service which feeds the system with valuable threat data and can be refreshed on a daily schedule.

Behavior profiling

Automatically classifies and profiles all log and network activity by application, protocol, geography, network location, ports as well as many other categories, and tracks all related traffic statistics. Behavior analysis capabilities can be applied to all data parsed from log sources as this capability complements rule-based correlation.

Data and user monitoring

Provides predefined, user-oriented activity reports and console views. In addition to standard integration with Active Directory and network authentication devices, Enorasys SIEM also integrates out-of-the-box with IAM and DAM technologies from various vendors.

Automated Discovery & Classification of Assets

Provides automated classification of assets, called Sever Discovery, which greatly improves the rule tuning and deployment process.

Correlation of Vulnerability Assessment Results & Threat Profiling

Supports integration with multiple VA Scanners gathering useful security data for correlation and analysis. Vulnerability data is normalized, mapped and stored in Asset Profiles to be used by Enorasys SIEM’s correlation rules to raise the severity of a threat, or remove false positives.

Advanced Forensics

Provides the ability to store/retain both normalized and the original raw format of the event log for forensic purposes. Real-time, location-based and historical searching of flow and event data for analysis and forensics, greatly improves the ability to assess activities and incident resolution.

Fully Customizable Dashboards, Searches & Reports

Although our NG SIEM system provides hundreds of out of the box intelligent security rules, thousands of report templates, and hundreds of saved operational searches to the Client, which can significantly minimize time-to-value, it is also highly customizable at all the following critical SIEM aspects.

Comprehensive Device Support

Using a variety of collection methods, Enorasys SIEM platform provides collection, analysis and correlation across a broad spectrum of systems (more than 450) from virtually every leading vendor deployed in enterprise networks, including networked solutions, security solutions, servers, hosts, operating systems and applications. In addition, our platform is able to quickly support proprietary applications using Qradar’s Universal DSM capability that allows customers to add their own devices and application support into the platform.

Downloads

Case Study : University.
Encode helps University of Aberdeen strengthen security and reduce false positives with advanced security intelligence platform

Infographic - The Cyber Threat Landscape