SIEM

Security Information and Event Management

Manager of the event details

Organisations have attempted to protect themselves by implementing best-of-breed security solutions like antivirus gateways, firewalls and intrusion prevention systems. These technologies are valuable, but this has led to a new problem: crippling complexity.

Today, companies are overwhelmed by scores of security devices and systems from many different vendors. These disparate devices generate a huge flood of data. Whereas three years ago, the typical organisation had hundreds of security devices generating 50,000 events per day, enterprises today have tens of thousands of security devices emitting billions of events that need to be monitored, logged, analysed and correlated every day.

Some of these events are false alarms that can overwhelm operations and waste countless hours by leading security analysts on a fruitless hunt for random incidents. Effectively managing and auditing these security events has become a Herculean task.

What is required is a single, integrated service that enables the collection, correlation and management of massive amounts of security data from heterogeneous sources with real-time monitoring and incident response. What is required is a service that can easily adapt to growing and changing environments. What is required is Connet Real-time Threat Analysis and Incident Response Services.

Connet's Real Time Threat Analysis and Incident Response Service provides the only managed security service available today that is fully capable of detecting, analysing, and responding to the security data your network produces, all in real time. This unique service combines correlation, early warning and detection with 24x7 expert security analysis and incident response to keep your network ahead of today's evolving risks.

Connet SOC supports a comprehensive range of data sources from more vendors and in more categories than any other MSSP. Supported products are connected to the SOC by Secure Device Agents (SDAs). SDAs are easily deployed and fit any existing infrastructure including "agentless" data aggregation from a centralised collection point at the SOC. The SDAs are specifically developed to interoperate with network and security products, including centralised collection via log forwarding and parsing, direct installation on native devices, concentrators and syslog servers, SNMP, database connectivity and proprietary APIs such as OPSEC, eStreamer, Postoffice, and others. SDAs are updated frequently to accommodate new versions of supported products. Connet continues to aggressively develop SDAs for new data sources based on emerging trends and technologies as well as in response to customer demand. Connet welcomes requests for SDAs connecting to new data sources not currently stated in the list below.

The Real-time Threat Analysis and Incident Response Service supports the following devices.

Copyright © 2011 Connet, Inc.