FRAMINGHAM, 11 MARCH 2011 - There are quite a few good security information and event management (SIEM) tools for the enterprise that capture event information from device logs, correlate the events, alert the experts who can act on troublesome activities and store millions of pieces of data for forensic analysis. The enterprise-level products are capable of handling thousands of network devices and millions of events on a daily basis. Security specialists in a company's security operation center (SOC) monitor the SIEM on a 24/7 basis.
But what if your network is relatively small and you don’t even have a million events in a year? What if your entire IT department is only a handful of people and your company has no such thing as a SOC? Small and medium-sized companies could really benefit from a tool like SIEM—just as the big enterprises do. This is the market that TriGeo Network Security Inc. addresses with its TriGeo Security Information Manager (SIM) product.
TriGeo SIM is a SIEM appliance that has been purpose-built for companies with 5,000 or fewer employees. It sits in the center of all the other devices on your network and collects logs from these devices. The appliance is able to do log analysis and event correlation in memory, which means the insight from this analysis is as close to real-time events as possible. When a security event is detected, the TriGeo SIM allows for an automated active response that can mitigate an activity that is still in progress.
Here's an example situation from a TriGeo customer – a small local bank. At 10:00 PM, someone at the closed bank made several failed attempts to log in to the network. The TriGeo SIM pieced together the fact that there were multiple user login failures, from a single IP address, in a short amount of time, after regular business hours, and alerted the bank's IT administrator via cell phone. He was able to connect to the network and direct the bank's security cameras toward the location of the device making the login attempts. There sat the janitor, still trying to gain entry to the network through a desktop PC. The TriGeo SIM sent a command to disconnect the PC from the network, thereby stopping the janitor's actions before he was able to breach the network.
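The bank scenario above is a textbook correlation rule: several login failures, one source IP, a short window, outside business hours. The following Python script is an added illustration of that rule and is not TriGeo code or a description of how the TriGeo SIM implements it. The log format, the field names, the threshold of five failures, the five-minute window and the 08:00 to 18:00 business hours are all assumptions chosen for the example; the log lines themselves are constructed.

```python
"""
Toy SIEM correlation rule modelled on the "failed logins after hours" scenario.

Added example (not TriGeo code). It parses a few constructed, syslog-like
authentication events, keeps a sliding window of failures per source IP, and
raises one alert per source that reaches the threshold outside business hours.
The alert carries a recommended response as a label for an operator or an
automated responder to act on; nothing here touches the network.
"""
from collections import defaultdict
from datetime import datetime, time, timedelta
import re

# Constructed sample log lines. Timestamps are assumed to be local time.
SAMPLE_LOGS = """\
2011-03-10 22:00:05 host=fs01 event=LOGIN_FAILURE user=administrator src=10.0.5.23
2011-03-10 22:00:41 host=fs01 event=LOGIN_FAILURE user=admin src=10.0.5.23
2011-03-10 22:01:10 host=fs01 event=LOGIN_FAILURE user=root src=10.0.5.23
2011-03-10 22:01:55 host=fs01 event=LOGIN_FAILURE user=teller1 src=10.0.5.23
2011-03-10 22:02:30 host=fs01 event=LOGIN_FAILURE user=teller2 src=10.0.5.23
2011-03-10 14:15:00 host=fs01 event=LOGIN_FAILURE user=jsmith src=10.0.7.40
2011-03-10 14:15:20 host=fs01 event=LOGIN_FAILURE user=jsmith src=10.0.7.40
2011-03-10 14:15:45 host=fs01 event=LOGIN_SUCCESS user=jsmith src=10.0.7.40
2011-03-10 22:05:00 host=fs01 event=LOGIN_FAILURE user=backup src=10.0.9.9
"""

# Assumed log layout: "<date> <time> host=.. event=.. user=.. src=.."
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) host=(?P<host>\S+) "
    r"event=(?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Rule parameters (assumed values; a real deployment tunes them to its traffic).
FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=5)
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def outside_business_hours(ts):
    """True when the timestamp falls outside the assumed 08:00-18:00 window."""
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def correlate(log_text, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return one alert per source IP whose failures reach `threshold` within
    `window` at a moment outside business hours. Events are sorted by time
    first so the sliding window works even if lines arrive out of order."""
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    events.sort(key=lambda ev: ev["ts"])

    failures = defaultdict(list)  # src IP -> timestamps of recent failures
    alerts, alerted = [], set()
    for ev in events:
        if ev["event"] != "LOGIN_FAILURE":
            continue
        src = ev["src"]
        bucket = failures[src]
        bucket.append(ev["ts"])
        # Slide the window: discard failures older than `window` relative to this one.
        while ev["ts"] - bucket[0] > window:
            bucket.pop(0)
        if len(bucket) >= threshold and outside_business_hours(ev["ts"]) and src not in alerted:
            alerted.add(src)  # one alert per source, not one per extra failure
            alerts.append({
                "src": src,
                "count": len(bucket),
                "first": bucket[0],
                "last": ev["ts"],
                "recommended_response": "isolate host from network and page on-call admin",
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"ALERT src={a['src']} failures={a['count']} "
              f"{a['first']:%H:%M:%S}-{a['last']:%H:%M:%S} -> {a['recommended_response']}")
```

Run as a script it prints a single alert for 10.0.5.23; the two daytime failures from 10.0.7.40 (followed by a success, a user mistyping a password) never fire, which is the point of the business-hours condition. The response is deliberately a label rather than an action: the decision to cut a host off is a policy choice, and the rule's job is only to produce a well-supported alert.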