Key Features
Real-time monitoring
Provides an integrated view of the threat environment using NetFlow and direct network traffic monitoring, in combination with log-based event sources.
Threat intelligence
Provides an auto-update service that maintains current threat information (such as top targeted ports, botnets, emerging threats, bogon IPs, hostile nets, darknets and anonymous proxies) from various security/threat sources on the Internet, as well as an integration with the IBM X-Force IP Reputation service, which feeds the system with valuable threat data and can be refreshed on a daily schedule.
Behavior profiling
Automatically classifies and profiles all log and network activity by application, protocol, geography, network location, ports and many other categories, and tracks all related traffic statistics. Behavior analysis can be applied to all data parsed from log sources and complements rule-based correlation.
Data and user monitoring
Provides predefined, user-oriented activity reports and console views. In addition to standard integration with Active Directory and network authentication devices, Enorasys SIEM also integrates out-of-the-box with IAM and DAM technologies from various vendors.
Automated Discovery & Classification of Assets
Provides automated classification of assets, called Server Discovery, which greatly improves the rule tuning and deployment process.
Correlation of Vulnerability Assessment Results & Threat Profiling
Supports integration with multiple VA scanners, gathering useful security data for correlation and analysis. Vulnerability data is normalized, mapped and stored in Asset Profiles so that Enorasys SIEM's correlation rules can use it to raise the severity of a threat or remove false positives.
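As an added illustration (not Enorasys or QRadar code), the following Python sketch shows the severity adjustment described above: constructed VA scanner output is normalized into asset profiles, and an IDS exploit-attempt event is escalated or downgraded depending on whether the target is actually exposed and vulnerable. The scan line format, CVE placeholders and severity scale are assumptions.

```python
"""Toy vulnerability-aware correlation: normalized VA data in asset profiles
drives severity of an exploit-attempt alert (escalate, or mark false positive)."""
from dataclasses import dataclass, field


@dataclass
class AssetProfile:
    ip: str
    open_ports: set = field(default_factory=set)   # ports seen open by the scanner
    vulns: set = field(default_factory=set)        # normalized vulnerability ids


# Constructed scanner output, one "ip,port,vuln-id" record per line (empty id = no finding).
SCAN_LINES = [
    "10.0.0.5,443,CVE-EXAMPLE-0001",   # placeholder id, not a real CVE
    "10.0.0.5,22,",
    "10.0.0.9,3389,",
]


def build_profiles(lines):
    """Normalize raw scan records into per-asset profiles keyed by IP."""
    profiles = {}
    for line in lines:
        ip, port, vuln = line.split(",")
        prof = profiles.setdefault(ip, AssetProfile(ip))
        prof.open_ports.add(int(port))
        if vuln:
            prof.vulns.add(vuln)
    return profiles


ASSETS = build_profiles(SCAN_LINES)


def adjust_severity(event, assets, base_severity=5):
    """Return (severity, reason) for an IDS exploit-attempt event.

    event: dict with 'dst_ip', 'dst_port' and 'vuln' (weakness the signature targets).
    Vulnerable target -> raise severity; target not exposed -> likely false positive.
    """
    asset = assets.get(event["dst_ip"])
    if asset is None:
        return base_severity, "unknown asset: no VA data, keep base severity"
    if event["dst_port"] not in asset.open_ports:
        return 1, "port closed on target: likely false positive"
    if event["vuln"] in asset.vulns:
        return 9, "target confirmed vulnerable by VA scan: escalate"
    return 3, "service exposed but not vulnerable: low priority"
```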
Advanced Forensics
Provides the ability to store and retain both the normalized and the original raw format of the event log for forensic purposes. Real-time, location-based and historical searching of flow and event data for analysis and forensics greatly improves the ability to assess activities and resolve incidents.
Fully Customizable Dashboards, Searches & Reports
Although our NG SIEM system provides the Client with hundreds of out-of-the-box intelligent security rules, thousands of report templates and hundreds of saved operational searches, which can significantly reduce time-to-value, it is also highly customizable in all of the following critical SIEM aspects.
Comprehensive Device Support
Using a variety of collection methods, the Enorasys SIEM platform provides collection, analysis and correlation across a broad spectrum of systems (more than 450) from virtually every leading vendor deployed in enterprise networks, including network devices, security solutions, servers, hosts, operating systems and applications. In addition, our platform is able to quickly support proprietary applications using QRadar's Universal DSM capability, which allows customers to add support for their own devices and applications to the platform.