VoIP for Enterprise TMC

OpenService Launches New Version of Security Information and Event Management Solution

September 26, 2006
MARLBOROUGH, Mass. --(Business Wire)-- OpenService(TM), Inc., the leading provider of Security Information and Event Management (SIEM), Event Correlation and Network Monitoring solutions, today announced the release of Security Management Center (SMC) 4.0, which will deliver unsurpassed reliability and security visibility to the world's largest enterprise networks.



SMC 4.0's features include: Advanced Real-Time Threat Correlation, a Multi-Vendor, Multi-Application Vulnerability Signature MetaBase (VSMB), Risk Profiling, and extensive Automated Threat Response capabilities. SMC 4.0 integrates with a wide array of security devices and products where data is brought into a single integrated console, eliminating the need to view each security vendor's product consoles. The information from all security log sources is available in a single integrated, web-based management and reporting console.

"SMC 4.0 can handle hundreds of millions of events per day and create risk-prioritized alerts, which provide our customers real time security awareness," said Geoffrey Coulter, CTO of OpenService. "Out of the box, SMC 4.0 detects and identifies true threats and attacks that save our enterprise customers time and money by bringing to attention the real threats amidst all the noise."

Central Reporting on Forensics, Compliance and Policy Management

OpenService's Security Log Manager (SLM) provides access to historical log data for forensics, compliance reporting and policy management. SMC's reporting functionality includes, but is not limited to, simple creation of ad-hoc reports, conversion of ad-hoc reports into scheduled reports (including e-mail distribution), and "real-time" reports that update as new events arrive (i.e. reports covering 90 day spans that are always current). Dynamic user defined dashboards can display a combination of alerts, reports and content from third party web based applications. Dashboards are completely customizable and can be configured to meet the preferences of the NOC analyst or the CISO.

Finite State Risk Assessment versus Rules Based Assessment Saves Time and Money

SMC 4.0's Finite State Engine tracks the history of an entire event and continuously builds a log of an attack in progress while simultaneously identifying and escalating threat warnings. Rules based products, on the other hand, analyze events over a defined window of time making low and slow attacks nearly impossible to catch. With SMC's risk based assessment, analysts are not required to write complex rules to match new threats that emerge daily. Instead, they must simply define the assets that are most important to their organization and let SMC 4.0 do the work. Much of this is made possible by SMC's Vulnerability Signature MetaBase, which collects and ties together events from CVE, CAN, and/or BugTraq IDs (among others) to make sure organizations are always correlating on the most up to date list of known vulnerabilities.

"Finite state risk assessment is crucial for successful protection of the infrastructure," said Geoffrey Coulter, CTO of OpenService. "Many times, in a rules based solution, you have to write the rule in just the right way to catch an attack. If the repeated attacks don't all happen in the defined timeframes, you never get an alert. With finite state risk assessment, you can refine your priorities and focus on events that are most critical to your business."

Intelligent Correlation Profiles of the Attacker and Automated Responses

SMC 4.0's advanced correlation models are used to automatically sort, profile, consolidate, and scan security events to automate the analysis of threat patterns and progressions. The analyzed input from firewalls and IDS' (along with a variety of other supported applications) is all stored in one place allowing for immediate identification of a targeted attack against critical assets. Add in vulnerability scanning data, and SMC 4.0 can then correlate against known vulnerabilities on the network. If there's a match, defenses and notification can be automated using techniques such as e-mail alerts, pager notification, script notification, or SNMP traps. On the other hand, if the asset being attacked is already patched or hardened, SMC 4.0 won't "cry wolf" in the middle of the night by issuing a critical alert. Despite a critical alert not being generated, the analyst will still be informed that the asset is being poked and prodded so it can be monitored. SMC 4.0 makes the analyst's job easier by allowing them to focus on the events that need immediate attention versus the events which have a lower priority.

Types of Events and Their Locations in One Simple View

SMC 4.0 organizes network assets in user defined, hierarchical trees (by geography, business line, division, department, or any user defined criteria). As events are generated, they are prioritized and visually represented by bubbling the most dangerous threats against the most critical assets to the top. The navigation tree also provides immediate visual notification showing where the event is occurring and how serious it is.

The SMC 4.0 Console is built to be comprehensible and useful to advanced security analysts, junior level operators or non-technical users who need to assess the security posture of their organization in real-time. No longer is it necessary for analysts to spend hours and hours scouring data from hundreds of different sources; the work is all done by SMC 4.0. SMC 4.0 also provides information required to prove compliance and make auditing easier. With all the time saved by using SMC 4.0, OpenService customers are able to provide their enterprise with pristine security, saving them time and money and delivering quick ROI.

About OpenService

OpenService improves the reliability and security of the world's largest enterprise networks. The company specializes in SIEM, Event Correlation and Network Monitoring solutions that scale to high volume, global implementations in use by hundreds of the world's best-known enterprises. Enterprise customers using OpenService's software solutions include Argonne National Labs, Citigroup, Connexion by Boeing, Visa, Verizon and many others in the Fortune 500. For more information, call 508-597-5300 or visit http://www.openservice.com.

