
This SIEM is a good fit for small and mid-sized companies

Linda Musthaler | March 11, 2011
There are quite a few good security information and event management (SIEM) tools for the enterprise. They collect event records from device logs, correlate those events, alert the specialists who can act on suspicious activity, and retain millions of records for forensic analysis. Enterprise-class products handle thousands of network devices and millions of events per day, and security specialists in a company's security operations center (SOC) watch the SIEM console around the clock.

TriGeo SIM does not require someone to watch the console all the time. It combines correlation, automated active response and notification, so you can walk away and get other work done while TriGeo watches your back. That suits smaller companies whose IT staff wear many hats. The correlation engine also puts events into context, and alerts are written in plain English, so you do not need to be a security analyst to understand what an alert means.

TriGeo SIM ships with more than 700 correlation rules, over 100 of which are enabled at installation. Many are written for specific industries; for example, there are rules for situations that arise at local banks and credit unions. TriGeo customers also share home-grown correlation rules through an active user community. More than 300 reports come out of the box, with templates for the major regulations (HIPAA, PCI, SOX, GLBA and so on). The product is packaged so that it can be up and running within a few hours.

In many smaller companies one person holds administrative privileges for nearly every IT task, so you might expect a rogue administrator to be able to circumvent TriGeo's logging and analysis in order to steal sensitive data or do other damage. TriGeo's answer is that even a fully privileged administrator cannot alter the collected source logs or edit the audit trail, so everything that person does in the console is itself logged and reported on.
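The article does not say how TriGeo protects its audit trail from a privileged administrator. The following added example (not TriGeo's code) shows the standard technique a SIEM can use to make an audit trail tamper-evident: each record carries an HMAC over its content and the previous record's MAC, under a key held by the log service rather than by console administrators. Editing, deleting or reordering an earlier record then breaks the chain at that point. The key, the sample records and the field names are assumptions made for the example.

```python
"""Tamper-evident audit trail built as a keyed hash chain (added example)."""
import hashlib
import hmac
import json

# Assumed: a key held only by the SIEM's log service, not by console admins.
LOG_KEY = b"siem-audit-chain-key-example-only"

GENESIS = "0" * 64  # MAC value "before" the first record


def _mac(key: bytes, prev_mac: str, record: dict) -> str:
    """MAC over the previous MAC plus a canonical encoding of this record."""
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def append_entry(chain: list, record: dict, key: bytes = LOG_KEY) -> dict:
    """Append a record, linking it to the MAC of the entry before it."""
    prev = chain[-1]["mac"] if chain else GENESIS
    entry = {"seq": len(chain), "record": record, "mac": _mac(key, prev, record)}
    chain.append(entry)
    return entry


def verify_chain(chain: list, key: bytes = LOG_KEY):
    """Recompute every MAC from the head. Return (ok, first_bad_seq)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry.get("seq") != i:
            return False, i  # an entry was deleted or reordered
        if not hmac.compare_digest(entry["mac"], _mac(key, prev, entry["record"])):
            return False, i  # entry content changed, or link to predecessor broken
        prev = entry["mac"]
    return True, None


def build_sample_chain() -> list:
    """Constructed sample: three console actions by one administrator."""
    chain = []
    append_entry(chain, {"user": "admin", "action": "login", "src": "10.0.0.5"})
    append_entry(chain, {"user": "admin", "action": "disable_rule", "rule": "usb-storage"})
    append_entry(chain, {"user": "admin", "action": "export", "object": "customer_db"})
    return chain


def tamper_demo():
    """Admin rewrites the record of disabling a rule; the audit detects it."""
    chain = build_sample_chain()
    ok_before, _ = verify_chain(chain)
    chain[1]["record"]["action"] = "view_rule"   # the cover-up
    ok_after, bad_seq = verify_chain(chain)
    return ok_before, ok_after, bad_seq


if __name__ == "__main__":
    print(tamper_demo())
```

One caveat a practitioner should keep in mind: a chain like this detects modification, deletion and reordering of earlier records, but not truncation of the tail, so the latest MAC also has to be recorded somewhere the administrator cannot reach (a write-once store or a periodically exported checkpoint) for the "cannot change the audit trail" property to hold end to end.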

One thing that sets TriGeo SIM apart is that it works all the way out to the endpoint, so you can monitor and act on activity at the desktop; for example, a user attempting to copy sensitive data to a USB thumb drive. TriGeo SIM can detect such an action as it happens and disable the USB port without operator intervention.
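The article describes TriGeo's correlation engine and its unattended responses (blocking a source, disabling an endpoint's USB port) without showing a rule format. The following added example, which is not TriGeo code, shows the shape such an engine has: normalise log lines into events, keep per-key state, fire a rule when a multi-event pattern completes inside a time window, and dispatch a response. It covers both the correlation rules discussed earlier and the endpoint USB case in this paragraph. The key=value log format, the field names, the thresholds and the response functions are all assumptions for the example; the response functions only record what they would do, where a real deployment would call the firewall or the endpoint agent.

```python
"""Minimal SIEM-style correlation with automated response (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one event per line, key=value fields after the timestamp.
SAMPLE_LOG = """\
2011-03-11T09:00:01 host=vpn1 type=auth_fail user=jsmith src=203.0.113.7
2011-03-11T09:00:04 host=vpn1 type=auth_fail user=jsmith src=203.0.113.7
2011-03-11T09:00:09 host=vpn1 type=auth_fail user=jsmith src=203.0.113.7
2011-03-11T09:00:15 host=vpn1 type=auth_fail user=jsmith src=203.0.113.7
2011-03-11T09:00:20 host=vpn1 type=auth_fail user=admin src=198.51.100.9
2011-03-11T09:00:22 host=vpn1 type=auth_fail user=jsmith src=203.0.113.7
2011-03-11T09:00:30 host=vpn1 type=auth_success user=jsmith src=203.0.113.7
2011-03-11T09:05:00 host=ws-fin-04 type=usb_attach user=bbrown device=SanDisk
2011-03-11T09:05:41 host=ws-fin-04 type=file_copy user=bbrown dest=removable file=payroll.xlsx
2011-03-11T09:30:00 host=ws-eng-02 type=usb_attach user=cchen device=Logitech_Mouse
"""

FAIL_THRESHOLD = 5                   # this many failures from one source ...
FAIL_WINDOW = timedelta(seconds=60)  # ... within this window, then a success
USB_WINDOW = timedelta(seconds=120)  # copy to removable media this soon after attach


def parse_line(line: str) -> dict:
    """Normalise 'timestamp k=v k=v ...' into an event dict."""
    ts, _, rest = line.partition(" ")
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = datetime.fromisoformat(ts)
    return event


class Correlator:
    def __init__(self):
        self.fails = defaultdict(deque)  # src -> timestamps of recent auth_fail
        self.usb = {}                    # host -> time of last usb_attach
        self.alerts = []                 # plain-language alerts for the admin
        self.actions = []                # responses that would be dispatched

    # Assumed response interface: in production these would call the
    # firewall API or the endpoint agent; here they only record the action.
    def block_ip(self, src):
        self.actions.append(("block_ip", src))

    def disable_usb(self, host):
        self.actions.append(("disable_usb", host))

    def handle(self, ev: dict):
        t, kind = ev["ts"], ev["type"]
        if kind == "auth_fail":
            q = self.fails[ev["src"]]
            q.append(t)
            while q and t - q[0] > FAIL_WINDOW:  # expire failures outside the window
                q.popleft()
        elif kind == "auth_success":
            recent = [x for x in self.fails.get(ev["src"], ()) if t - x <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                self.alerts.append(
                    f"{ev['src']} logged in as {ev['user']} on {ev['host']} after "
                    f"{len(recent)} failed attempts in {FAIL_WINDOW.seconds}s")
                self.block_ip(ev["src"])
        elif kind == "usb_attach":
            self.usb[ev["host"]] = t
        elif kind == "file_copy" and ev.get("dest") == "removable":
            attached = self.usb.get(ev["host"])
            if attached is not None and t - attached <= USB_WINDOW:
                self.alerts.append(
                    f"{ev['user']} copied {ev['file']} to removable media on {ev['host']} "
                    f"{int((t - attached).total_seconds())}s after a USB device was attached")
                self.disable_usb(ev["host"])


def run(log_text: str) -> Correlator:
    """Feed every line to the correlator in timestamp order."""
    c = Correlator()
    # Sort first: log sources deliver out of order in practice.
    for ev in sorted(map(parse_line, log_text.splitlines()), key=lambda e: e["ts"]):
        c.handle(ev)
    return c


if __name__ == "__main__":
    result = run(SAMPLE_LOG)
    for a in result.alerts:
        print("ALERT:", a)
    for act in result.actions:
        print("ACTION:", act)
```

Two things the sample shows that the paragraph alone does not. The single failure from 198.51.100.9 and the mouse attached on ws-eng-02 produce nothing, which is the point of correlating rather than alerting on every event. And the USB response here fires on the copy event, after the file has already been written; to disable the port "while it is happening", as the article describes, the detection has to run in an agent on the endpoint that sees the device attach, not only in a collector reading logs after the fact.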

You do not have to be a large company with an extensive network to benefit from a SIEM tool. Every network administrator wants better visibility into what is happening on the network, along with automated notification and response to events. TriGeo SIM addresses the specific needs of the mid-market organization without charging an enterprise-level price.
