1 | P a g e
ANET SURELOG
Security Information and Event Management
System Product Information
About ANET ..... 2
SureLog SIEM ..... 2
What Is SureLog For? ..... 2
What We Offer? ..... 2
Advantages of SureLog ..... 3
Why Do Companies Need SIEM Systems? ..... 5
Why SureLog SIEM is Intelligent? ..... 6
What Sets SureLog Apart from the Others? ..... 6
The Correlation Rules Examples ..... 9
The Competition ..... 10
SureLog FAQ ..... 12
The Competition References ..... 14
Murat Korucu
ANET New Zealand Consultant
murat.korucu@anet.net.nz
www.anet.net.nz
About ANET
ANET is a privately owned software company incorporated in VA, USA, with branches in Turkey and New Zealand. Our mission is to build a software company that embraces an "open development philosophy" and provides innovative solutions to problems in collaboration with customers. We have worked extensively on network and internet security with Turkey's biggest telecom companies, Turk Telekom and TTNET. The Turk Telekom group provides integrated telecommunication services from PSTN and GSM to broadband internet; as of June 30, 2009, Turk Telekom group companies had 17.1 million PSTN customers, 6 million ADSL customers and 12.4 million GSM customers.
Our team and projects have also received awards from the Scientific and Technical Research Council of Turkey (TÜBİTAK) and from the Republic of Turkey Ministry of Industry and Trade's Small and Medium Industry Development Organization (KOSGEB).
ANET has 250 clients, including Santander Bank, Adidas, Honda and Bayer pharmaceuticals, experiencing the ANET difference throughout Europe. Please see http://www.anet.net.nz/references.
ANET SureLog's SIEM architecture provides a superior correlation engine, the fastest EPS performance on the market, high-speed log search and cost-effective Security Information and Event Management (SIEM): unparalleled speed at scale on a SIEM platform that is simple to deploy.
- Aggressive discounts and a strong deal registration program, with the industry's highest partner margins
- A product that just works: thousands of installed systems and hundreds of customer references
- Lowest cost to the customer: priced to help you win more deals
- 90% win rate against competitive products
SureLog SIEM
- Automate 24x7 security monitoring, alerting and response
- Collect and correlate log and event data in real time
- Streamline compliance reporting and security audits
- Fast forensic investigation and root cause analysis
- Gain the power of SIEM without spending most of the IT lifecycle time and IT budget
- Perform rapid root cause analysis with built-in intelligence and strong visualization across networks, systems, applications and security
What Is SureLog For?
SureLog helps network security administrators and IT managers monitor security events efficiently and receive real-time alerts. SureLog also generates reports for compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS), and it archives logs for network auditing and forensic analysis.
What We Offer?
Multiple device/vendor support, flexible log archiving, the capability to view traffic trends and usage patterns, multi-level drill-down into top hosts, protocols, web sites and more, VPN/Squid proxy reports, multi-varied reporting capabilities, centralized event log management, compliance reporting, automatic alerting, historical trending, security analysis, host grouping, pre-built event reports, customizable report profiles, report scheduling and multiple report formats. SureLog is compliant with Turkish Law 5651, which requires that archived logs be digitally signed so that they cannot be altered.
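The page states that archived logs are digitally signed so they cannot be altered, but does not say how. The following is an added illustration of the underlying technique, not SureLog's implementation: each archived record carries the digest of the record before it (a hash chain), and a keyed signature over the chain head binds the whole archive. HMAC-SHA256 stands in for the signature scheme, the key and the sample syslog lines are constructed for the example, and the record layout is an assumption.

```python
# Added example: tamper-evident log archiving with a hash chain plus a keyed signature.
# This is illustration only, not SureLog's code; the page says only that archived logs
# are digitally signed and unalterable. HMAC-SHA256 is used here as a stand-in for the
# signature scheme (assumption).
import copy
import hashlib
import hmac

# Constructed key for the example; a real archive would keep this in an HSM or key store.
SIGNING_KEY = b"example-key-not-for-production"
GENESIS = "0" * 64   # value chained into the first record


def chain_and_sign(lines, key=SIGNING_KEY):
    """Return (records, signature). Each record stores the previous digest, so editing,
    deleting or reordering any line changes every digest after it; the signature over
    the final digest detects truncation of the tail as well."""
    records = []
    prev = GENESIS
    for seq, line in enumerate(lines):
        digest = hashlib.sha256((prev + line).encode()).hexdigest()
        records.append({"seq": seq, "line": line, "prev": prev, "digest": digest})
        prev = digest
    signature = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    return records, signature


def verify(records, signature, key=SIGNING_KEY):
    """Recompute the chain. Returns (True, None) when intact, otherwise (False, i) where
    i is the index of the first record that fails, or len(records) if only the head
    signature fails (i.e. records were removed from the end)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = hashlib.sha256((prev + rec["line"]).encode()).hexdigest()
        if rec["prev"] != prev or rec["digest"] != expected:
            return False, i
        prev = expected
    head_sig = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(head_sig, signature):
        return False, len(records)
    return True, None


# Constructed sample syslog lines (not from any real system).
SAMPLE_LINES = [
    "Jan 10 09:00:01 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "Jan 10 09:00:05 srv1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7",
    "Jan 10 09:00:09 srv1 sshd[2211]: Accepted password for alice from 192.0.2.20",
]


def demo():
    """Archive the sample, then alter one line and show the check pinpoints it."""
    records, sig = chain_and_sign(SAMPLE_LINES)
    before = verify(records, sig)
    tampered = copy.deepcopy(records)
    tampered[1]["line"] = tampered[1]["line"].replace("Failed", "Accepted")
    return before, verify(tampered, sig)


if __name__ == "__main__":
    print(demo())
```

The chain alone catches an edited, deleted or reordered record at the point where it happened; the signature is what stops an attacker from simply dropping the most recent records and presenting a shorter but internally consistent archive.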
Advantages of SureLog
- Fast. Supports 50 000 EPS with thousands of rules.
- Trace multiple logs of different types within defined time frames. Sample rule: detect the unusual condition where a source has authentication failures at a host not followed by a successful authentication at the same host within 2 hours.
- Correlate different logs (for example, a Windows user-creation event and a Telnet event) according to related fields. Sample rule: look for a new account being created followed by immediate authentication activity from that same account; this detects backdoor account creation followed by the account being used to telnet back into the system.
- Trace both the presence and the absence of a log with the desired parameters. Sample rule: detect the unusual condition where a source has authentication failures at a host not followed by a successful authentication at the same host within 2 hours.
- Audit privileged user activity, such as new account creation, for greater operational transparency.
- Correlate privileged user behaviour with specific network activity. Sample rule: look for a new account being created followed by immediate authentication activity from that same account; this detects backdoor account creation followed by the account being used to telnet back into the system.
- The correlation rule editor is simple to use.
- Multiple filtering options.
- Compression-based correlation. Monitors multiple occurrences of the same event, removes redundancies and reports them as a single event.
- Threshold-based correlation. Triggers a report when a specified number of similar events occur.
- Filter-based correlation. Inspects each event to determine whether it matches a pattern defined by a regular expression. If a match is found, an action may be triggered as specified in the rule.
- Sequence-based correlation. Helps to establish causality of events. Events can be correlated based on specific sequential relationships; for example, event A being followed by event B triggers an action.
- Time-based correlation. Useful for correlating events that have specific time-based relationships; some problems can be determined only through such temporal correlation. For example, time-based correlation can be used to implement clean-up rules for a given interval.
- Decision speed: integrated analysis technology processes highly complex decision logic in real time, similar to how humans reason.
- Continuous learning: SureLog continuously learns the behaviour of your environment by cross-correlating log information, device availability and performance statistics.
- Real-time alerting and historical forensics: many ready-to-use rules detect anomalous behaviour and events. Comprehensive search and reporting capabilities simplify compliance reporting.
- Business service visibility: monitoring data center resources, users and applications in the context of business services (not devices, speeds and feeds) to accelerate problem detection and resolution.
- Cost-effective Security Information and Event Management (SIEM) software
- Real-time event correlation
- Log search
- Real-time alerting
- Dashboard and user-based views
- Automates the entire process of managing terabytes of machine-generated logs
- Agent-less log analytics software for network security devices
- Collects, archives and analyses security device logs and generates forensic reports from a central console
- Provides end-point security monitoring and analysis, employee Internet monitoring and bandwidth monitoring
- Supports capacity planning, policy enforcement, security and compliance audit reporting
- Works with open source and commercial network firewalls (Check Point, Cisco, Juniper, Fortinet, Snort and more) and IDS/IPS
- Supports VPNs, proxies and related security devices
- Collects, analyses, searches, reports and archives from a central location
- Reports on user activity, regulatory compliance, historical trends and more
- Conducts log forensics analysis, monitors privileged users and ensures compliance with regulatory bodies
- Agent-less log collection
- Agent-based log collection
- Log search
- Log analysis
- Log archiving
- Log forensics
- Importing event logs
- User authentication
- Ready-built event log reports
- Custom event log reports
- Microsoft Internet Information Services (MS IIS) server log reports
- VMware server log management reports
- Active Directory log reports
- Privilege User Monitoring (PUMA) reports
- User session monitoring
- Event log reports
- Historical event trends
- Advanced search result as report profile
- Microsoft IIS web server application
- Microsoft IIS FTP server application
- DHCP Windows application
- DHCP Linux application
- MS SQL database application
- Oracle database application (audit)
- Apache web server application
- Print server application
- Windows Terminal Server log monitoring
- Custom / scheduled reports
Why Do Companies Need SIEM Systems?
- If your company has more than 50 computers and more than 5 servers, you need log aggregation, so at the bare minimum you need log management
- If your company needs log forensics, you need log management
- SIEM is a required tool for compliance purposes in many industries. SIEM is a big part of PCI, HIPAA, HITECH, GLBA and SOX. If you need compliance- or regulation-mandated logging and reporting, go with a SIEM
- If your company needs real-time alerts across multiple platforms to help you detect potential security breaches, you need a SIEM
- If your company needs to monitor your intranet (your users) for security breaches and protect against insider attacks, you need a SIEM
- A SIEM solution greatly increases the chances of successfully identifying malicious traffic through its advanced correlation of many different types of logs from various devices, so if you need to react to malicious traffic, you need a SIEM
- If your company needs to monitor and log the access and use of sensitive data, you need a SIEM
- The size and complexity of today's enterprises is growing exponentially; if you have a small IT team, you need a SIEM for security monitoring
- According to an Evalueserve survey, 57 percent of companies capable of detecting targeted attacks within minutes experienced 10 or fewer attacks in 2013
- 78 percent of those companies employ a real-time SIEM solution. So if you need real-time attack detection, you need a SIEM
- A SIEM is a backup facility that thwarts anyone trying to cover their tracks by deleting log data. So if you need a backup facility for your system logs, you need a SIEM
- If your company has a limited IT budget, a SIEM cuts costs and increases your IT department's productivity by automating IT management
- A SIEM can be used to measure employee performance metrics by monitoring employee resource usage against configurable rules and rule sets
Why SureLog SIEM is Intelligent?
In today's dynamic and evolving threat environment, busy IT security teams do not have the time or resources to analyse emerging threats on their own. Continuous threat intelligence updates are fully integrated into the SureLog platform for threat assessment, detection and response.
The SureLog advanced correlation engine is integrated with these threat intelligence updates, and its in-memory correlation rules help IT security teams to detect threats.
What Sets SureLog Apart from the Others?
- SureLog has a highly flexible architecture and supports high-volume data throughput rates. As well as the flexible architecture, SureLog possesses a superior correlation engine. The system lets you define the complex combinations of events that you need to be alerted of by easily creating and customizing correlation rules with a graphical, drag-and-drop rule creator
- SureLog supports 155 brands and 350 devices and categorises logs into 1513 groups
- Sophisticated threat intelligence management allows SureLog to dynamically collect blacklists and update its database
- Unlike many of its competitors, SureLog does not use legacy SQL systems like MS SQL, MySQL or PostgreSQL; instead it uses Vertical DB for archiving
- The intuitive interface of SureLog gives users an easy drill-down query interface for ad-hoc or saved context-based queries, tabbed data views and interactive filtering
- SureLog is the ultimate integrated log management and SIEM solution, with many other features as listed in detail below.
Correlation Engine
- Rule chains
- Advanced correlation rules:
  - Attack followed by account change
  - Scan followed by an attack
  - Detects an unusual condition where a source has authentication failures at a host not followed by a successful authentication at the same host within 2 hours
  - Looks for a new account being created followed by immediate authentication activity from that same account, which would detect backdoor account creation followed by the account being used to telnet back into the system
- Compression-based correlation. Monitors multiple occurrences of the same event, removes redundancies and reports them as a single event
- Threshold-based correlation. Has a threshold to trigger a report when a specified number of similar events occur
- Filter-based correlation. Inspects each event to determine whether it matches a pattern defined by a regular expression. If a match is found, an action may be triggered as specified in the rule
- Sequence-based correlation. Helps to establish causality of events. Events can be correlated based on specific sequential relationships, for example synchronizing multiple events such as event A being followed by event B to trigger an action
- Time-based correlation
- Supports special correlation requirements:
  - Define a rule triggering time frame: fire Rule B only at lunch time
  - Define a rule suspend time frame after firing: suspend Rule A for 1 hour after it fires
Taxonomy
SureLog supports 155 brands and 350 devices and categorizes logs (its taxonomy) into 1513 groups, such as:
- Compromised->Remote Control App->Response
- Health Status->Informational->High Availability->Link Status->Down
- IP Traffic Audit->IP Too many fragments
- IP Spoof Access->ICMP CODE Redirect for the Host
- File Transfer Traffic Audit->Authentication Failed
- Naming Traffic Audit
- Session->Start
- ICMP Destination Network is Administratively Prohibited
EPS Performance
We can reach 10 000 EPS and beyond with standard system resources, whereas our competitors cannot reach this level with their published specifications; they require huge resources. The table below depicts our system requirements:
SIEM, Log Management and Traffic Reporting Integrated
- Log search filtering capabilities are as rich as those of typical log search frameworks. Users can search any type of log in the fastest way
- Supports a Logs by Device feature: SureLog reports which machines are sending the log data
- SureLog also has many predefined reports for compliance management. A large number of preconfigured dashboards are present, tailored towards monitoring performance, compliance, vulnerabilities, flow data and other metrics. Custom dashboards are easily created through a simple drag-and-drop interface, giving users access to reports
- Predefined, commonly used search filters such as:
  - Get the list of logged-in users on our Windows servers, with no need to know the Event ID (or anything else)
  - Track when a password change was done
  - Change password attempts
  - See who is logged in on your Linux system
  - No need to know the Event ID (or anything else): filters and reports are available with one click
- SureLog has a traffic reporting module as well as security reporting, answering questions such as:
  - Who is sending/receiving the traffic?
  - Which host is sending/receiving the traffic?
  - What is the traffic share of the various protocol groups?
  - What is the event severity pattern of the traffic?
- Receive traffic reports for the following:
  - Host-specific traffic
  - User-specific traffic
  - Protocol group specific traffic
  - Event severity specific traffic
- Other predefined traffic and security report categories:
  - Firewall Reports
  - Traffic Reports
  - URL Report
  - VPN Reports
  - Traffic Details Report
  - Inbound & Outbound Traffic
  - Intranet Reports
  - Security Reports
  - Virus Reports
  - Attack Reports
  - Spam Reports
  - Trend Reports
  - Protocol Trend Reports
  - Traffic Trend Reports
  - Event Trend Reports
  - VPN Trend Reports
Simplicity
- SureLog takes the end user's point of view: no need to develop scripts
- SureLog technology is designed to transform huge volumes of data into an effortless package
- No learning curve. Minimizes the burden of needing qualified security professionals on staff
Easy to Install
A software solution that can be installed on both 64-bit Windows and Linux. The setup is straightforward.
Low Implementation and Management Costs
Because of low system requirements for high EPS values, easy installation and setup, and no learning curve, SureLog costs are low.
The Correlation Rules Examples
- Warn if 5 failed logon attempts with different usernames are made from the same IP to the same machine within 15 minutes and, after that, a successful login occurs from the same IP to any machine.
- Warn if a host scan is made by an IP, then a successful connection is established by the same IP, and then a backward connection is established from the connected IP to the connecting IP.
- Warn if more than 100 connections are established from different external IPs to the same destination IP in one minute.
- Warn if 100 connections are established from the same external IP through different ports to the same destination IP in one minute.
- Warn if the same user makes more than three failed logon attempts to the same machine in an hour.
- Warn if a user cannot log into a server, causing a failed authentication, and within two hours that user still cannot log into the same server.
- Warn once if more than 100 packets are blocked by the UTM/firewall from the same source IP, and do not warn again within an hour. (Millions of packets are blocked during a DDoS attack; if an email were sent for each one, you would expose yourself to a self-inflicted denial of service.)
- Report the source IP that causes unusual UDP traffic.
- Warn if traffic occurs to or from a source in the IP reputation list.
- Warn if network traffic occurs from or to a source in the malicious link list published by TRCERT (Turkey Computer Emergency Response Team).
- To find out whether someone has set up a DHCP server in your network or a different gateway is broadcasting: warn if traffic occurs from inside to outside or from outside to inside whose protocol is UDP, whose destination port is 67, and whose destination IP is not in the registered IP list.
- Warn if an IP scan occurs.
- Warn if an SQL attack occurs via a web server.
- Warn if the servers are accessed out of hours.
- Warn if the same user makes more than three failed logon attempts to different machines in a minute.
- Warn if an attack is followed by an account change.
- Warn if a scan is followed by an attack.
- Detect an unusual condition where a source has authentication failures at a host that are not followed by a successful authentication at the same host within 2 hours.
- Look for a new account being created followed by immediate authentication activity from that same account; this would detect backdoor account creation followed by the account being used to telnet back into the system.
- Monitor the same source having excessive logon failures at distinct hosts.
- Check whether the source of an attack was previously the destination of an attack (within 15 minutes).
- Check whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and destination IP.
- Look for a new account being created, followed shortly by access/authentication failure activity from the same account.
- Monitor system access outside of business hours.
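The rule examples above, together with the threshold, filter, sequence and "suspend after fire" correlation types described under Advantages of SureLog and Correlation Engine, are easier to reason about when written out as code. The following is an added illustration, not SureLog's rule engine: a small in-memory correlator over a constructed event stream implementing four of the page's rules (failed logons with distinct usernames followed by a successful logon, failures not followed by success within 2 hours, more than 100 blocked packets with a one-hour alert suspension, and the rogue DHCP filter). The Event fields, thresholds and sample events are assumptions made for the example. Note in particular how the "not followed by" rule has to wait until its window has elapsed before it can fire, since it detects an absence rather than an event.

```python
# Added example: a small in-memory correlator implementing four rule shapes listed on
# this page. Illustration only, not SureLog's code; event field names, thresholds and
# the sample stream are constructed assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: int            # seconds since epoch (constructed)
    kind: str          # "auth_fail", "auth_ok", "fw_block" or "udp"
    src: str = ""      # source IP
    dst: str = ""      # destination host or IP
    user: str = ""     # account name, where the log carries one
    dport: int = 0     # destination port, where the log carries one


def spray_then_login(events, n=5, fail_window=900, follow_window=3600):
    """Threshold + sequence: n failed logons with distinct usernames from one source to one
    host within fail_window seconds, then a successful logon from that source to any host."""
    fails = defaultdict(list)        # (src, dst) -> failure events still inside the window
    primed = {}                      # src -> time the failure threshold was reached
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "auth_fail":
            bucket = fails[(ev.src, ev.dst)]
            bucket.append(ev)
            bucket[:] = [f for f in bucket if ev.ts - f.ts <= fail_window]  # slide window
            if len({f.user for f in bucket}) >= n:
                primed[ev.src] = ev.ts
        elif ev.kind == "auth_ok" and ev.src in primed:
            if ev.ts - primed[ev.src] <= follow_window:
                alerts.append((ev.src, ev.dst, ev.ts))
            del primed[ev.src]       # one alert per sequence; re-arm only after a new spray
    return alerts


def failures_without_success(events, now, window=7200):
    """Negative sequence ("not followed by"): a source fails to authenticate at a host and no
    success from that source at the same host arrives within `window`. Because the condition
    is an absence, a pair is reported only once its window has fully elapsed at `now`."""
    first_fail = {}                  # (src, dst) -> time of the first failure still pending
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.dst)
        if ev.kind == "auth_fail":
            first_fail.setdefault(key, ev.ts)
        elif ev.kind == "auth_ok" and key in first_fail and ev.ts - first_fail[key] <= window:
            del first_fail[key]      # success arrived in time; clear the pending condition
    return sorted(k for k, t in first_fail.items() if now - t > window)


def blocked_flood(events, n=100, suppress=3600):
    """Threshold with suspend-after-fire: warn when more than n packets from one source are
    blocked, then stay silent for that source for `suppress` seconds so that a DDoS does
    not turn into a flood of alert emails."""
    count = defaultdict(int)
    last_fired = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind != "fw_block":
            continue
        count[ev.src] += 1
        if count[ev.src] > n:
            count[ev.src] = 0        # many blocked packets collapse into one decision
            fired = last_fired.get(ev.src)
            if fired is None or ev.ts - fired >= suppress:
                alerts.append((ev.src, ev.ts))
                last_fired[ev.src] = ev.ts
    return alerts


def rogue_dhcp(events, registered_servers):
    """Filter rule: UDP to port 67 whose destination is not a registered DHCP server."""
    return [ev for ev in events
            if ev.kind == "udp" and ev.dport == 67 and ev.dst not in registered_servers]


# Constructed sample stream: a password spray that ends in a successful logon, one failure
# never followed by success, one that is, a DHCP probe to an unregistered server, and 250
# blocked packets from a single external address.
SAMPLE = [Event(60 * i, "auth_fail", "10.0.0.5", "srv1", u)
          for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])] + [
    Event(300, "auth_ok", "10.0.0.5", "srv2", "erin"),
    Event(400, "auth_fail", "10.0.0.9", "srv3", "frank"),
    Event(500, "auth_fail", "10.0.0.7", "srv4", "grace"),
    Event(900, "auth_ok", "10.0.0.7", "srv4", "grace"),
    Event(1000, "udp", "10.0.0.42", "192.168.1.250", dport=67),
    Event(1001, "udp", "10.0.0.42", "192.168.1.1", dport=67),
] + [Event(2000 + i, "fw_block", "203.0.113.7") for i in range(250)]

if __name__ == "__main__":
    print(spray_then_login(SAMPLE))
    print(failures_without_success(SAMPLE, now=20000))
    print(blocked_flood(SAMPLE))
    print(rogue_dhcp(SAMPLE, {"192.168.1.1"}))
```

Run against the sample, the spray rule fires once (the success at 300 s from 10.0.0.5), the absence rule reports both 10.0.0.5/srv1 and 10.0.0.9/srv3 once two hours have passed but nothing earlier, and the 250 blocked packets produce a single alert at the 101st packet with the second crossing suppressed.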
The Competition
In this section SureLog and our main competitors' EPS performance, correlation capability and log management integration features are compared. When available, the vendors' official product documents are given as references for the comparison results.
Alienvault: Appliance setup can be a little challenging. Maximum correlation EPS performance is limited to 10 000 EPS. All SIEM logs are stored in a MySQL database, which causes scalability issues, especially in high log volume environments, because backup and restore are time- and CPU/RAM-consuming. The biggest issue we have seen with the product is its poor stability: with too many components, myriad integrations and many scripts, the product is likely to be unstable. Alienvault uses cross-correlation rules to connect just IDS events and vulnerabilities, which is very limited. Also, you cannot develop rules like "User has authentication failures at a host not followed by a successful authentication at the same host by the same user within 2 hours", because relating two events by username is not possible; relating them by computer name is not possible either. Another rule you cannot develop: if condition A occurs, then within 5 minutes condition B occurs, condition C does not occur and condition D occurs. This is because "not occur" is not supported in Alienvault directives. Alienvault has drawbacks in rule definition, such as having to restart the server after editing a rule or adding a new rule. Price for 1000 EPS collection + 1000 EPS collation: 25 000 USD.
CorreLog: CorreLog's correlation engine is very primitive. There is no user-friendly correlation rule editor. Taxonomy, creating scenarios based on multiple rules and cross-correlation rules are not supported. Everything is query based. It lacks some high-end features, such as an interactive report generator. There is no report template support. Pre-defined reports like deleted files, attack reports etc. are missing. The rule editor needs a specific notation, and it is hard to develop even a simple rule.
EIQNetworks SecureVue: A resource monster SIEM solution. Just for 1000 EPS, SecureVue requires a dual quad-core 2.0 GHz CPU, 64 GB RAM and 15K RPM disks.
Eventtracker: The Eventtracker correlation engine is not as powerful as SureLog's. Taxonomy is not supported. EPS is not considered a critical issue, and there is no data about EPS performance.
LogRhythm: LogRhythm is a good competitor, but its system requirements are high: for just 1000 EPS, LogRhythm requires 6 cores and 64 GB RAM. LogRhythm report building is limited by its use of Crystal Reports: a non-editable template must be created, then the report is created against the template. The template needs a preview option as well as an edit option. Prices start at 25 000 USD, and for 1000 EPS they reach 75 000 USD.
ManageEngine: ManageEngine Firewall Analyzer and ManageEngine EventLog Analyzer are two different products, one for firewalls and one mainly for Windows, and they are not integrated. ManageEngine EventLog Analyzer's correlation engine is very simple, and Firewall Analyzer does not have a SIEM-like correlation engine. There is no taxonomy support. It requires huge resources for high EPS, and device support is very limited.
Splunk: Splunk is a log search framework, not a complete SIEM solution, and it is costly for large enterprise installations; Splunk is often significantly more expensive than competing SIEM solutions. Splunk does not do in-memory correlation. Splunk may require additional installation assistance.
Solarwinds LEM: The Solarwinds LEM correlation engine is very simple. For example, you cannot create a rule to detect an unusual condition where a source has authentication failures at a host not followed by a successful authentication at the same host within 2 hours. Solarwinds LEM does not support creating scenarios based on multiple rules. Threshold rules are very limited; for example, you cannot create a rule that checks whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and the same destination IP. There is no data for bigger installations, but the initial requirements are 8 GB RAM and a dual 3 GHz processor. Most reports are client based; web-based reports are limited. EPS performance is very limited as well.
Tripwire Log Center: Tripwire Log Center is a resource monster SIEM solution; for only 500 EPS, Tripwire Log Center requires a quad-processor/six-core system with 64 GB RAM and 10K RPM disks. The SureLog correlation engine is superior to Tripwire's. It is also not cost-effective for some environments.
Trustwave: Trustwave has very limited EPS performance; there is no capacity above 3400 EPS. The SureLog correlation engine is superior to that of Trustwave. The report wizard can be cumbersome to use, and manual custom report creation requires SQL and XML skills. It is also expensive and hard to use.
SureLog FAQ
Log Event Collection
✓ Does ANET SureLog deploy event collectors agent-less? YES
✓ Does ANET SureLog provide comprehensive out-of-the-box coverage across all types of event sources? YES
✓ Are failures of the event collection infrastructure detected immediately and operations personnel notified? YES
✓ Does ANET SureLog support the ability to parse multi-line log files? YES
✓ Does ANET SureLog have a toolkit to allow customers to create integrations with unsupported legacy or home-grown event sources? YES (it supports developing custom parsers via XML definitions)
✓ Does ANET SureLog provide an agent-less solution that can automatically accept events and start to monitor devices without any administrator intervention? YES
✓ Can ANET SureLog import application logs? YES
✓ Does ANET SureLog collect logs in a distributed manner, offloading the processing requirements of the log management system for tasks such as filtering, aggregation, compression and encryption? YES
✓ Can ANET SureLog import syslog? YES
✓ Can ANET SureLog import HTTP requests made on your website? YES
× Does ANET SureLog provide encrypted transmission of log data to the log management system? NO
Log Event Processing
✓ Does ANET SureLog categorize log data into an easily readable format to eliminate the need to know vendor-specific event IDs? YES
✓ Does ANET SureLog provide the ability to reduce event data through filtering or aggregation before it is sent to the log management or correlation system? YES
✓ Is ANET SureLog capable of correcting event time for systems with incorrect timestamps? YES
✓ Does ANET SureLog normalize all collected event data into a consistent format (e.g., NIST 800-92)? YES
SIEM Analysis and Reporting
✓ Does the solution allow for a quick drill-down from high level to low level? YES
✓ Are event data lists automatically populated by the system for tracking things such as attacks, user sessions and other policy violations? YES
✓ Does ANET SureLog report which machines are sending the log data? YES
✓ Does ANET SureLog have correlation for events from multiple event sources, many that do not contain user information, into a concise set of actions performed by a specific individual? YES
✓ Does ANET SureLog aggregate and suppress alerting with granular options and use conditional logic to determine if an alert should be generated? YES
✓ Does ANET SureLog offer a reporting interface that can leverage existing reports or the creation of new reports? YES
✓ Does ANET SureLog continue to work (without modifications) if a particular technology, such as a firewall or IDS product, is replaced with a newer product or vendor? YES
× Does the solution allow a threat score to be calculated dynamically based on multiple criteria? NO
Security Event Correlation Rules
✓ Does the solution provide a rule authoring system? YES
✓ Does ANET SureLog's correlation engine provide many correlation rules out of the box to automate incident detection and the workflow process? YES
✓ Does ANET SureLog allow rules to be triggered in a series, matching various correlation activity before an alert is generated? YES
Security Incident Compliance
✓ Does the solution provide out-of-the-box content for the compliance regulation NERC? YES
✓ Does the solution provide out-of-the-box content for the compliance regulation FISMA? YES
✓ Does the solution provide out-of-the-box content for the compliance regulation HIPAA? YES
✓ Does the solution provide out-of-the-box content for the compliance regulation PCI-DSS? YES
✓ Does ANET SureLog provide the framework to report on ISO or NIST compliance items that can be mapped directly to any regulatory standard or enterprise security policy? YES
✓ Does the solution provide out-of-the-box content for the compliance regulation SOX? YES
× Does ANET SureLog alert when not in compliance? NO
Security Incident Detection
✓ Is ANET SureLog able to correlate event data against static lists of items that the customer doesn't allow on the network (i.e. a list of insecure protocols)? YES
✓ Can ANET SureLog correlate DHCP, VPN and Active Directory events to provide session tracking for every user in the enterprise? YES
✓ Is ANET SureLog capable of keeping a statistical baseline of "normal" monitored activity (e.g., attacker, target, ports, protocols and session data)? YES
✓ Is ANET SureLog capable of detecting patterns of activity that would otherwise go unnoticed by real-time correlation? YES
✓ Does the solution incorporate data from vulnerability assessment products in order to dynamically define the event priority? YES
✓ Is ANET SureLog capable of presenting categorized data to the correlation engine to allow real-time detection and response? YES
✓ Is ANET SureLog capable of correlating activity across multiple devices out of the box to detect authentication failures, perimeter security, worm outbreaks and operational events in real time without the need to specify a particular device type? YES
✓ Does ANET SureLog allow customers to create objects such as filters or search queries that are reusable throughout the system? YES
✓ Does the solution dynamically read from and add data from events to lists? YES
× Is ANET SureLog capable of monitoring attack history against critical assets or by particular users? NO
The Competition References
- http://www8.hp.com/tr/tr/software-solutions/arcsight-esm-enterprise-security-management/tech-specs.html
- http://www.eiqnetworks.com/pdfs/2013_Datasheets/SecureVue-Log-Management-and-SIEM-Data%20Sheet.pdf
- https://www.trustwave.com/Resources/Library/Documents/Trustwave-SIEM-Log-Management-Appliances-Overview
- https://www3.trustwave.com/siem-log-management-enterprise-appliance
- http://www.tripwire.com/tripwire/assets/File/docs/Tripwire_Log_Center_Sizing_Matrix.pdf
- http://www.logzilla.net/products/recommended-hardware
- http://www.solarwinds.com/log-event-manager.aspx#p_systemrequirements
- http://www.accelops.com/services/faq/#question1712
- https://www.alienvault.com/docs/data-sheets/AV-USM.pdf
- https://www.netiq.com/documentation/sentinel70/s701_install/data/btmckgy.html#bwwvoik
- http://www.01.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.qradar.doc_7.2.4/c_hwg_3105_allone_base.html

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 

Recently uploaded (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 

Featured

PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 

Featured (20)

PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 

Anet SureLog Product Information

  • 1. 1 | P a g e ANET SURELOG Security Information and Event Management System Product Information AboutANET.......................................................................................................................................2 SureLog SIEM.....................................................................................................................................2 What Is SureLog For?..........................................................................................................................2 What We Offer?.................................................................................................................................2 Advantages of SureLog .......................................................................................................................3 Why Do Companies Need SIEMSystems? ............................................................................................5 Why SureLog SIEMis Intelligent?.........................................................................................................6 What Sets SureLog Apart from the Others?..........................................................................................6 The Correlation Rules Examples ..........................................................................................................9 The Competition ..............................................................................................................................10 SureLog FAQ....................................................................................................................................12 The Competition References.............................................................................................................14 Murat Korucu ANET New Zealand Consultant murat.korucu@anet.net.nz www.anet.net.nz
  • 2. 2 | P a g e About ANET ANET is a privately owned software company incorporated in VA, USA with branches in Turkey and New Zealand. Our mission is to build a software company that embraces "open development philosophy" and provides innovative solutions to problems in collaboration with customers. We have worked extensively with Turkey s biggest Telekom companies Turk Telekom and TTNET on network and internet security. Turk Telekom group provides integrated telecommunication services from PSTN, GSM to Wide band internet. Turk Telekom group companies have 17.1 million of PSTN customers, 6 million ADSL customers and 12.4 million GSM customers as of June 30, 2009. Also our team and projects have received awards from the Scientific and Technical Research Council of Turkey. (TUBİTAK) and the Republic of Turkey Ministry of Industry and Trade: Small and Medium Industry Development Organization. (KOSGEB) ANET has 250 clients including Santander Bank, Adidas, Honda and Bayer pharmaceuticals experiencing the ANET difference throughout Europe. Please see http://www.anet.net.nz/references. 
ANET SureLog’s unique SIEM architecture provides Superior Correlation Engine, Get the Fastest EPS Performance on the Market, High Speed Log Search, Cost-effective Security Information and Event Management (SIEM), you get unparalleled speed at scale, A SIEM platform that’s simple to deploy:  Aggressive discounts and strong registration program: with the industry’s highest partner margins  Product that just works: thousands of installed systems and hundreds of customer references  Lowest cost to the customer: priced to help you win more deals  90% win rate against competitive products SureLog SIEM  Automate 24x7 security monitoring, alerting, and response  Collect and correlate log and event data in real-time  Streamline compliance reporting and security audits  Fast forensic investigation and root cause analysis  Gain the power of SIEM without spending most of the IT lifecycle time and IT Budget  Perform rapid root cause analysis with built-in intelligence and strong visualization cross networks, systems, applications, and security What Is SureLog For? SureLog helps network security administrators & IT Managers for security events monitoring efficiently and real- time alerting. Also the SureLog software generates reports to comply with various regulations such as Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standards (PCI) and archives logs for the purpose of network auditing and forensic analysis. What We Offer? 
Multiple Device/ Vendor Support, Flexible Log Archiving, Capability to view traffic trends and usage patterns, Multi-level drill down into top hosts, protocols, web sites and more, VPN/ Squid Proxy Reports, Multi-varied Reporting Capabilities, Centralized event log management, Compliance reporting, Automatic alerting, Historical trending, Security analysis, Host grouping, Pre-built event reports, Customizable report profiles, Report scheduling, Multiple report formats. Compliant with Turkish Law 5651 which guaranties that logs cannot be changed and digitally signed.
  • 3. 3 | P a g e Advantages of SureLog  Fast. Supports 50 000 EPS with thousands of rules.  Trace multiplelogs of different types within defined time frames. Sample rule: Detects An Unusual Condition Where A Source Has Authentication Failures AtA Host Not Followed By A Successful Authentication At The Same Host Within 2 Hours  Correlate different logs (Example: Windows User Creation Event and Telnet Event) accordingto related fields. Sample rule: Look for a new accountbeing created followed by immediate authentication activity fromthat same accountwould detect the backdoor accountcreation followed by the account being used to telnet back into the system  Trace both a logbeing created with desired parameters or not. Sample Rule: Detects An Unusual Condition Where A Source Has Authentication Failures AtA Host Not Followed By A Successful Authentication At The Same Host Within 2 Hours  Audit privileged user activity,such as new account creation,for greater operational transparency  Correlate privileged user behaviour with specific network activity.Sample Rule: Look for a new account being created followed by immediate authentication activity fromthat same accountwould detect the backdoor accountcreation followed by the accountbeing used to telnet back into the system  Correlation ruleeditor is simpleto use  Multiplefilteringoptions  Compression-based correlation.Monitors multipleoccurrences of the same event, removes redundancies and reports them as a singleevent.  Threshold-based correlation.Has a threshold to trigger a report when a specified number of similar events occur.  Filter-based correlation.Inspects each event to determine if itmatches a pattern defined by a regular expression.If a match is found,an action may be triggered as specified in the rule.  Sequence-based correlation.Helps to establish causality of events. 
Events can be correlated based on specific sequential relationships.For example, synchronizingmultipleevents such as event a being followed by event B to trigger an action.  Time-based correlation is useful for correlatingevents that have specific time-based relationships.Some problems can be determined only through such temporal correlation.For example, time based correlation can be used to implement clean-up rules given a specific interval  Decision speed: Integrated analysistechnology processes highly complex decision logic in real -time– similarto how humans reason.  Continuous learning:We continuously learn the behavior of your environment by cross -correlatinglog information,device availability and performance statistics.  Real-time alertingand historical forensics:Many ready to use rules detect anomalous behaviour and events. Comprehensive search and reporting capabilities simplify compliancereporting.  Business servicevisibility:Monitoring data center resources,users and applicationsin thecontext of business services – not devices, speeds and feeds – to accelerateproblem detection and resolution.
  • 4. 4 | P a g e  Cost-Effective Security Information and Event Management (SIEM) software  Real-Time Event Correlation  Log Search  Real-time Alerting  Dashboard and User based Views  Automates the entire process of managingterabytes of machine-generated logs  Agent-less log analyticssoftwarefor network security devices  Collects,archives,and analyses security devicelogs and generates forensic reports from a central console  Provides end-point security monitoringand analysis,employee Internet monitoring, and bandwidth monitoring  Supports capacity planning,policy enforcement, security,and complianceauditreporting  Works with open sourceand commercial network firewalls (Check Point,Cisco,Juniper, Fortinet, Snort, and more) and IDS/IPS  Supports VPNs, proxies,and related security devices  Collects,analyses,searches,reports,and archives froma central location  Reports on user activity,regulatory compliance,historical trends,and more  Conducts logforensics analysis,monitors privileged users,and ensures compliancewith regulatory bodies  Agent-less Log Collection  Agent based Log Collection  Log Search  Log Analysis  Log Archiving  Log Forensics  Importing Event Logs  User Authentication  Ready-builtEvent Log Reports  Custom Event Log Reports  MicrosoftInternet Information Services (MS IIS) Server Log Reports  VMware Server Log Management Reports  Active Directory Log Reports  PrivilegeUser Monitoring(PUMA) Reports  User Session Monitoring  Event Log Reports  Historical Event Trends  Advanced Search Result as Report Profile  MicrosoftIIS Web server application  MicrosoftIIS FTP server application  DHCP Windows application  DHCP Linux application  MS SQL databaseapplication  Oracledatabaseapplication (Audit)  Apache web server application  Printserver application  Windows Terminal Server Log Monitoring  Custom / Scheduled Reports
  • 5. 5 | P a g e Why Do Companies Need SIEM Systems?  If your company has more than 50 computers and more than 5 servers you need log aggregation, so at the bare minimum you need log management  If your company needs log forensics, you need log management  SIEM is a required tool for compliance purposes in many industries. SIEM is a big part of PCI, HIPAA, HITECH, GLBA, and SOX. If you need compliance or regulatory mandated logging and reporting, go with SIEM  If your company needs real-time alerts across multiple platforms, to help you detect potential security breaches, you need a SIEM  If your company needs to monitor your intranet (your users) for security breaches and protect against inside attacks, you need a SIEM  A SIEM solution exponentially increases the chances of successfully identifying malicious traffic due to its advanced correlation between so many different types of logs from various devices, so if you need to react to malicious traffic, you need a SIEM  If your company needs to monitor and log the access and use of sensitive data , you need a SIEM  The size and complexity of today's enterprises is growing exponentially; if you have a small IT team, you need a SIEM for security monitoring  According to an Evalueserve survey, 57 percent of companies capable of detecting targeted attacks within minutes experienced 10 or fewer attacks in 2013  78 percent of those companies employ a real-time SIEM solution. So If you need real-time attack detection, you need a SIEM  A SIEM is a backup facility that thwarts anyone trying to cover their tracks by deleting log data. So if you need a backup facility for your system logs, you need a SIEM  If your company has a limited IT budget, SIEM cuts costs and increases your IT department’s productivity by automating IT management  SIEM can be used to measure employee performance metrics by monitoring employee resource usage against configurable rules and rule sets
  • 6. 6 | P a g e Why SureLog SIEM is Intelligent? In today’s dynamic and evolving environment of threats, busy IT security teams don’t have the time or resources to do analysis of emerging threats on their own. Continuous Threat Intelligence updates are fully integrated into the SureLog platform for threat assessment, detection, and response. The SureLog advanced correlation engine is integrated to Threat Intelligence updates and advances in memory correlation rules help IT security teams to detect threats. What Sets SureLog Apart from the Others?  SureLog has a highly flexible architecture and supports high volume data throughput rates. As well as the flexible architecture, SureLog possesses a superior correlation engine. The system lets you define complex combinations of events that you need to be alerted of by easily creating and customizing correlation rules with a graphical, drag-and-drop rule creator  SureLog supports 155 brands and 350 devices and categorises logs into 1513 groups  Sophisticated threat intelligence management allows SureLog to dynamically collect black lists and update its database  Unlike many of its competitors, SureLog does not use legacy SQL systems like MS SQL, My SQL , PostgreSQL - instead it uses Vertical DB for archiving  The intuitive interface of SureLog enables users to easily drill-down query interface for ad-hoc or saved context based queries, tabbed data views and provides interactive filtering  SureLog is the ultimate integrated Log Management and SIEM solution with many other features as listed in detail below. 
CorrelationEngine  Rule Chains  Advanced correlation rules  AttackFollowed by AccountChange  Scan Followed by an Attack  Detects An UnusualCondition WhereA Source HasAuthentication FailuresAtA Host Not Followed By A SuccessfulAuthentication AtTheSameHostWithin 2 Hours  Lookfor a new accountbeing created followed by immediate authentication activity from thatsameaccountwould detect backdooraccountcreation followed by theaccountbeing used to telnet backinto the system  Compression-based correlation. Monitors multiple occurrences of the same event, removes redundancies and reports them as a single event  Threshold-based correlation. Has a threshold to trigger a report when a specified number of similar events occur
  • 7. 7 | P a g e  Filter-based correlation. Inspects each event to determine if it matches a pattern defined by a regular expression. If a match is found, an action may be triggered as specified in the rule  Sequence-based correlation. Helps to establish causality of events. Events can be correlated based on specific sequential relationships. For example, synchronizing multiple events such as event A being followed by event B to trigger an action  Time-based correlation  Supports special correlation requirements  Define rule triggering time frame.Fire Rule B only at lunch time  Define rule suspend timeframeafterfire. Suspend RuleA 1 hourafterfire Taxonomy SureLog supports 155 brands and 350 devices. Categorize (Taxonomy) logs into 1513 groups such as:  Compromised->Remote Control App->Response  Health Status->Informational->High Availability->Link Status->Down  IP Traffic Audit->IP Too many fragments  IP Spoof Access->ICMP CODE Redirect for the Host  File Transfer Traffic Audit->Authentication Failed  Naming Traffic Audit  Session->Start  ICMP Destination Network is Administratively Prohibited EPSPerformance We can reach 10000 EPS and beyond with standard system resources, but our competitors cannot reach this level with their specifications - they require huge resources. The below table depicts our systemrequirements:
SIEM, Log Management and Traffic Reporting Integrated

 Log search filtering capabilities are as rich as typical log search frameworks. Users can search any type of log in the fastest way
 Supports the Logs by Device feature. SureLog reports which machines are sending the log data
 Also, SureLog has many predefined reports for compliance management. A large number of preconfigured dashboards are present, tailored towards monitoring performance, compliance, vulnerabilities, flow data and other metrics. Custom dashboards are easily created through a simple drag-and-drop interface, giving users access to reports
 Predefined commonly used search filters such as:
   Get list of logged-in users to our Windows servers. No need to know Event ID (or anything else)
   Track when a password change was done
   Change password attempts
   See who is logged in on your Linux system
   No need to know Event ID (or anything else). Filters and reports are available with one click
 SureLog has a traffic reporting module as well as security reporting, such as:
   Who is sending / receiving the traffic?
   Which host is sending / receiving the traffic?
   What is the traffic share of various protocol groups?
   What is the event severity pattern due to the traffic?
 Receive traffic reports for the following:
   Host specific traffic
   User specific traffic
   Protocol Group specific traffic
   Event severity specific traffic
 Other Predefined Traffic and Security Report Categories:
   Firewall Reports
   Traffic Reports
   URL Report
   VPN Reports
   Traffic Details Report
   Inbound & Outbound Traffic
   Intranet Reports
   Security Reports
   Virus Reports
   Attack Reports
   Spam Reports
   Trend Reports
   Protocol Trend Reports
   Traffic Trend Reports
   Event Trend Reports
   VPN Trend Reports
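The correlation styles listed in the Correlation Engine section above (compression, threshold, filter by regular expression, sequence, and the suspend-after-fire time rule) in working form, as an added example that is not SureLog code or ANET's own. The syslog-style lines, field names, action words and rule parameters are constructed for the demonstration; a real engine would read normalized events from the taxonomy layer instead of a regex over raw text.

```python
"""
Toy correlation engine showing five correlation styles over a stream of
constructed log lines: filter (regex), compression, threshold, sequence, and
a time-based suspend after a rule fires. Added example, not SureLog code.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like); addresses are documentation ranges.
SAMPLE_LOGS = """\
2015-03-02T12:00:00 fw01 DENY src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
2015-03-02T12:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
2015-03-02T12:00:02 fw01 DENY src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
2015-03-02T12:00:03 fw01 DENY src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
2015-03-02T12:00:04 fw01 DENY src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
2015-03-02T12:00:05 fw01 DENY src=203.0.113.7 dst=10.0.0.5 proto=TCP dport=22
2015-03-02T12:00:10 ids01 SCAN src=203.0.113.7 dst=10.0.0.5 sig=portscan
2015-03-02T12:03:00 ids01 ATTACK src=203.0.113.7 dst=10.0.0.5 sig=exploit-attempt
2015-03-02T12:05:00 ids01 ATTACK src=203.0.113.7 dst=10.0.0.5 sig=exploit-attempt
2015-03-02T12:40:00 ids01 SCAN src=198.51.100.9 dst=10.0.0.8 sig=portscan
2015-03-02T14:00:00 ids01 ATTACK src=198.51.100.9 dst=10.0.0.8 sig=exploit-attempt
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: proto=(?P<proto>\S+) dport=(?P<dport>\d+))?(?: sig=(?P<sig>\S+))?$"
)

def parse(text):
    """Filter-based step: a line becomes an event only if it matches the regex."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable lines are dropped rather than correlated
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events

def compress(events, keys=("host", "action", "src", "dst", "dport")):
    """Compression-based: collapse repeats of the same event into one record with a count."""
    merged = {}
    for ev in events:
        k = tuple(ev.get(c) for c in keys)
        if k in merged:
            merged[k]["count"] += 1
            merged[k]["last"] = ev["ts"]
        else:
            merged[k] = dict(ev, count=1, last=ev["ts"])
    return list(merged.values())

def threshold(events, action, n, window, keys=("src", "dst")):
    """Threshold-based: alert when n events of `action` sharing `keys` fall inside `window`."""
    alerts = []
    buckets = defaultdict(list)
    for ev in events:
        if ev["action"] != action:
            continue
        k = tuple(ev[c] for c in keys)
        q = buckets[k]
        q.append(ev["ts"])
        buckets[k] = q = [t for t in q if ev["ts"] - t <= window]  # sliding window
        if len(q) == n:  # fire once, at the moment the threshold is reached
            alerts.append(("threshold", action, k, ev["ts"]))
    return alerts

def sequence(events, first, second, window, keys=("src", "dst"), suspend=timedelta(0)):
    """Sequence-based with time suspend: `first` followed by `second` for the same
    keys within `window`; after firing, the rule stays silent for `suspend`."""
    alerts = []
    pending = {}   # keys -> timestamp of the most recent `first` event
    silenced = {}  # keys -> time until which the rule is suspended
    for ev in events:
        k = tuple(ev[c] for c in keys)
        if ev["action"] == first:
            pending[k] = ev["ts"]
        elif ev["action"] == second and k in pending:
            in_window = ev["ts"] - pending[k] <= window
            if in_window and ev["ts"] >= silenced.get(k, ev["ts"]):
                alerts.append(("sequence", first, second, k, ev["ts"]))
                silenced[k] = ev["ts"] + suspend
    return alerts

def run_demo(text=SAMPLE_LOGS):
    """Run every correlation style over the sample and return the results."""
    events = parse(text)
    return {
        "events": len(events),
        "compressed": compress(events),
        "threshold": threshold(events, "DENY", 5, timedelta(minutes=1)),
        "sequence": sequence(events, "SCAN", "ATTACK", timedelta(minutes=15),
                             suspend=timedelta(hours=1)),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

On the sample, the six identical DENY lines compress to one record with count 6, the threshold rule fires once when the fifth DENY arrives inside a minute, and the SCAN-then-ATTACK sequence fires once for 203.0.113.7: the second ATTACK two minutes later is inside the one-hour suspend and is swallowed, while the 198.51.100.9 pair is 80 minutes apart and never matches the 15-minute window.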
Simplicity

 SureLog has an end user point of view; no need to develop scripts etc.
 SureLog technology is designed to transform huge volumes of data into an effortless package
 No learning curves. Minimize the burden of needing qualified security professionals on staff

Easy to Install

Software solution that can be installed on both 64-bit Windows and Linux OS. The setup is straightforward.

Low Implementation and Management Costs

Because of low system requirements for high EPS values, easy install & setup and no learning curves, SureLog costs are low.

The Correlation Rules Examples

 Warn if 5 failed logon attempts are made with different usernames from the same IP to the same machine in 15 minutes and, after that, a successful login occurs from the same IP to any machine.
 Warn if a host scan is made by an IP, then a successful connection is established by the same IP, and then a backward connection is established from the connected IP to the connecting IP.
 Warn if more than 100 connections are established from different external IPs to the same destination IP in one minute.
 Warn if 100 connections are established from the same external IP through different ports to the same destination IP in one minute.
 Warn if the same user makes more than three failed logon attempts to the same machine in an hour.
 Warn if a user cannot log into any server and causes a failed authentication, and within two hours that user still cannot log into the same server.
 Warn once if more than 100 packets are blocked by the UTM/firewall from the same source IP, and do not warn again within an hour. (Millions of packets are blocked in case of a DDoS attack. If an email is sent for each, you expose yourself to your own DDoS attack.)
 Report the source IP which causes Unusual UDP Traffic.
 Warn if traffic occurs to a source or from a source in the IP Reputation list.
 Warn if network traffic occurs from a source or to a source in the malicious link list published by TRCERT (Turkey Computer Emergency Response Team).
 To find out whether someone has set up a DHCP server in your network or a different gateway is broadcasting: warn if traffic occurs from inside to outside or from outside to inside whose protocol is UDP, destination port is 67, and destination IP is not in the registered IP list.
 Warn if an IP scan occurs.
 Warn if a SQL attack occurs via a web server.
 Warn if the servers are accessed out of hours.
 Warn if the same user makes more than three failed logon attempts to different machines in a minute.
  • 10. 10 | P a g e  Warn If an attack followed by account change  Warn If scan followed by an attack  Detects an Unusual Condition Where A Source Has Authentication Failures At A Host But That Is Not Followed By A Successful Authentication At The Same Host Within 2 Hours  Look for a new account being created followed by immediate authentication activity from that same account would detect the backdoor account creation followed by the account being used to telnet back into the system  Monitor same source having excessive logon failures at distinct hosts,  Check whether the source of an attack was previously the destination of an attack (within 15 minutes)  Check whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and destination IP  Look for a new account being created, followed shortly by access/authentication failure activity from the same account  Monitor system access outside of business hours The Competition In this section SureLog and our main competitors’ EPS performance, correlation capability and log management integration features will be compared. When available, product development official documents are also given as a reference to the comparison result. Alienvault:Appliance setup can be a little challenging. Max Correlation EPS performance is limited to 10 000 EPS. All SIEM logs are stored in the MySQL database and this causes an issue in terms of scalability, especially with high log volume environments because backup and restore is time and CPU/RAM consuming. The biggest issue we have seen with the product is its poor stability. With too many components, myriad integration and many scripts, the product is likely to be unstable. Alienvault uses cross Correlation rules to connect just IDS events and vulnerabilities which is very limited. 
Also, you cannot develop rules like "User has authentication failures at a host not followed by a successful authentication at the same host by the same user within 2 hours", because a username relation between two events is not possible. Also, a computer name relation is not possible. Another rule sample that you cannot develop: if condition A occurs, then within 5 minutes condition B occurs and condition C does not occur and condition D occurs. This is because "not occur" is not supported in Alienvault Directives. Alienvault has drawbacks in rule definitions, such as having to restart the server after editing a rule or adding a new rule. Prices for 1000 EPS collection + 1000 EPS correlation = 25000 USD.

CorreLog: CorreLog's correlation engine is very primitive. There is no user-friendly correlation rule editor. Taxonomy, creating scenarios based on multiple rules and cross-correlation rules are not supported. Everything is query based. It lacks some high-end features, such as an interactive report generator. There is no report template support. Pre-defined reports like deleted files, attack reports etc. are missing. The rule editor needs a specific notation and it is hard to develop even a simple rule.

EIQ Networks SecureVue: It is a resource monster SIEM solution. Just for 1000 EPS, SecureVue requires a dual quad-core 2.0 GHz CPU, 64 GB RAM and 15K RPM disks.
Eventtracker: The Eventtracker correlation engine is not as powerful as SureLog's. Taxonomy is not supported. EPS is not considered a critical issue and there is no data about EPS performance.

LogRhythm: LogRhythm is a good competitor, but LogRhythm system requirements are high; for just 1000 EPS, LogRhythm requires 6 cores and 64 GB RAM. LogRhythm report-building is limited by its use of Crystal Reports: a non-editable template must be created, then the report is created against the template. The template needs a preview option as well as an edit option. Also, prices start at 25000 USD for 1000 EPS and reach 75 000 USD.

ManageEngine: ManageEngine Firewall Analyser and ManageEngine Event Analyser are two different products, one for firewalls and one mainly for Windows. They are not integrated. ManageEngine EventAnalyzer's correlation engine is very simple. Firewall Analyser does not have a SIEM-like correlation engine. There is no taxonomy support. It requires huge resources for high EPS, and device support is very limited.

Splunk: Splunk is a log search framework, not a complete SIEM solution, and costly for large enterprise installations. Splunk is often significantly more expensive than competing SIEM solutions. Splunk does not do in-memory correlation. Splunk may require additional installation assistance.

Solarwinds LEM: The Solarwinds LEM correlation engine is very simple. For example, you cannot create a rule to detect an unusual condition where a source has authentication failures at a host not followed by a successful authentication at the same host within 2 hours. Solarwinds LEM does not support creating scenarios based on multiple rules. Threshold rules are very limited. For example, you cannot create a rule that checks whether there are 5 events from host firewalls with severity 4 or greater in 10 minutes between the same source and the same destination IP.
There is no data for bigger installations, but initial requirements are: 8 GB RAM, dual processor, 3 GHz. Most reports are client-based. Web-based reports are limited. EPS performance is very limited also.

Tripwire Log Center: Tripwire Log Center is a resource monster SIEM solution; for only 500 EPS, Tripwire Log Center requires a quad-processor/six-core machine with 64 GB RAM and 10K RPM disks. The SureLog correlation engine is superior to Tripwire's. Also not cost-effective for some environments.

Trustwave: Trustwave has very limited EPS performance. There is no capacity above 3400 EPS. The SureLog correlation engine is superior to that of Trustwave. The report wizard can be cumbersome to use, and manual custom report creation requires SQL and XML skills. Also expensive and hard to use.
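The two rule shapes this document keeps returning to, the absence rule ("authentication failures at a host not followed by a successful authentication at the same host within 2 hours", which the competition section says several products cannot express) and the first rule under The Correlation Rules Examples (5 failures with different usernames from one IP to one machine in 15 minutes, then a success from that IP to any machine), implemented as an added example. This is not SureLog's or any competitor's code; the authentication events, host names, user names and addresses are constructed, and the events are assumed to be already normalized into a common schema.

```python
"""
Two correlation rules from the examples above, written as functions over a
normalized authentication event stream. Added example, not SureLog code.
The absence rule is the interesting one: it fires on the *lack* of an event,
so it needs a timer (here, a final flush at `now`) rather than a trigger event.
"""
from collections import defaultdict
from datetime import datetime, timedelta

def T(s):
    return datetime.fromisoformat(s)

# Constructed authentication events (src, host, user, ok=success?), already normalized.
EVENTS = [
    {"ts": T("2015-03-02T09:00:00"), "src": "10.1.1.20", "host": "srv-a", "user": "alice", "ok": False},
    {"ts": T("2015-03-02T09:00:05"), "src": "10.1.1.20", "host": "srv-a", "user": "bob",   "ok": False},
    {"ts": T("2015-03-02T09:00:09"), "src": "10.1.1.20", "host": "srv-a", "user": "carol", "ok": False},
    {"ts": T("2015-03-02T09:00:14"), "src": "10.1.1.20", "host": "srv-a", "user": "dave",  "ok": False},
    {"ts": T("2015-03-02T09:00:20"), "src": "10.1.1.20", "host": "srv-a", "user": "erin",  "ok": False},
    {"ts": T("2015-03-02T09:04:00"), "src": "10.1.1.20", "host": "srv-b", "user": "erin",  "ok": True},
    {"ts": T("2015-03-02T10:30:00"), "src": "10.1.1.33", "host": "srv-c", "user": "frank", "ok": False},
    {"ts": T("2015-03-02T10:31:00"), "src": "10.1.1.33", "host": "srv-c", "user": "frank", "ok": True},
    {"ts": T("2015-03-02T11:00:00"), "src": "10.1.1.44", "host": "srv-d", "user": "grace", "ok": False},
]
END_OF_STREAM = T("2015-03-02T14:00:00")  # constructed: the moment timers are flushed

def failures_not_followed_by_success(events, window=timedelta(hours=2), now=END_OF_STREAM):
    """Absence rule: per (src, host), remember the first failure; a later success
    at the same host cancels it; any failure still open when its window has
    elapsed (checked on each new event and once more at `now`) fires an alert."""
    open_failures = {}   # (src, host) -> time of first failure
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"])
        for k, first in list(open_failures.items()):   # expire closed windows
            if ev["ts"] - first > window:
                alerts.append(("no-success-after-failures", k, first))
                del open_failures[k]
        if ev["ok"]:
            open_failures.pop(key, None)       # success at the same host cancels
        else:
            open_failures.setdefault(key, ev["ts"])
    for k, first in open_failures.items():     # flush timers still running at `now`
        if now - first > window:
            alerts.append(("no-success-after-failures", k, first))
    return alerts

def spray_then_success(events, n=5, window=timedelta(minutes=15)):
    """Sequence rule: n failures with distinct usernames from one src to one host
    inside `window` arm the source; the next success from that src to any host
    fires. Note: the armed state never expires here; a production rule would
    add a second window so an old spray cannot pair with a much later login."""
    failed = defaultdict(list)   # (src, host) -> [(ts, user), ...] within the window
    armed = {}                   # src -> time the distinct-username threshold was crossed
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ok"]:
            if ev["src"] in armed:
                alerts.append(("spray-then-success", ev["src"], ev["host"], ev["ts"]))
                del armed[ev["src"]]
            continue
        q = failed[(ev["src"], ev["host"])]
        q.append((ev["ts"], ev["user"]))
        q[:] = [(t, u) for t, u in q if ev["ts"] - t <= window]   # sliding window
        if len({u for _, u in q}) >= n:     # count distinct users, not attempts
            armed.setdefault(ev["src"], ev["ts"])
    return alerts

def run_demo(events=EVENTS):
    """Evaluate both rules over the constructed stream and return their alerts."""
    return {
        "absence": failures_not_followed_by_success(events),
        "spray": spray_then_success(events),
    }

if __name__ == "__main__":
    for name, alerts in run_demo().items():
        print(name)
        for a in alerts:
            print("  ", a)
```

On the constructed stream, 10.1.1.20 fails five times with five different usernames on srv-a and then logs in on srv-b, so the spray rule fires once; the absence rule fires for (10.1.1.20, srv-a) because the success happened on a different host, and for (10.1.1.44, srv-d), while frank's failure on srv-c is cancelled by his success a minute later. Both rules key on the (source, host, user) fields the document says some competitors cannot relate between events.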
SureLog FAQ

Log Event Collection

 Does ANET SureLog deploy event collectors as agent-less? YES
 Does ANET SureLog provide comprehensive out-of-the-box coverage across all types of event sources? YES
 Are failures of the event collection infrastructure detected immediately and operations personnel notified? YES
 Does ANET SureLog support the ability to parse multi-line log files? YES
 Does ANET SureLog have a toolkit to allow customers to create integration with unsupported legacy or home-grown event sources? YES (It supports developing custom parsers via XML definitions)
 Does ANET SureLog provide an agent-less solution that can automatically accept events and start to monitor devices without any administrator intervention? YES
 Can ANET SureLog import application logs? YES
 Does ANET SureLog collect logs in a distributed manner, offloading the processing requirements of the log management system for tasks such as filtering, aggregation, compression and encryption? YES
 Can ANET SureLog import syslog? YES
 Can ANET SureLog import HTTP requests made on your website? YES
× Does ANET SureLog provide encrypted transmission of log data to the log management system? NO

Log Event Processing

 Does ANET SureLog categorize log data into an easily readable format to eliminate the need to know vendor-specific event IDs? YES
 Does ANET SureLog provide the ability to reduce event data through filtering or aggregation before it is sent to the log management or correlation system? YES
 Is ANET SureLog capable of correcting event time for systems with incorrect timestamps? YES
 Does ANET SureLog normalize all collected event data into a consistent format (e.g., NIST 800-92)? YES
SIEM Analysis and Reporting

 Does the solution allow for a quick drill-down from high level to low level? YES
 Are event data lists automatically populated by the system for tracking things such as attacks, user sessions and other policy violations? YES
 Does ANET SureLog report which machines are sending the log data? YES
 Does ANET SureLog have correlation for events from multiple event sources, many that do not contain user information, into a concise set of actions performed by a specific individual? YES
 Does ANET SureLog aggregate and suppress alerting with granular options and use conditional logic to determine if an alert should be generated? YES
 Does ANET SureLog offer a reporting interface that can leverage existing reports or the creation of new reports? YES
 Does ANET SureLog continue to work (without modifications) if a particular technology, such as a firewall or IDS product, is replaced with a newer product or vendor? YES
× Does the solution allow to dynamically calculate a threat score based on multiple criteria? NO

Security Event Correlation Rules

 Does the solution provide a rule authoring system? YES
 Does ANET SureLog's correlation engine provide many correlation rules out-of-the-box to automate incident detection and workflow process? YES
 Does ANET SureLog allow rules to be triggered in a series, matching various correlation activity before an alert is generated? YES

Security Incident Compliance

 Does the solution provide out-of-the-box content for compliance regulation NERC? YES
 Does the solution provide out-of-the-box content for compliance regulation FISMA? YES
 Does the solution provide out-of-the-box content for compliance regulation HIPAA? YES
 Does the solution provide out-of-the-box content for compliance regulation PCI-DSS? YES
 Does ANET SureLog provide the framework to report on ISO or NIST compliance items that can be mapped directly to any regulatory standard or enterprise security policy? YES
 Does the solution provide out-of-the-box content for compliance regulation SOX? YES
× Does ANET SureLog alert when not in compliance? NO
Security Incident Detection

 Is ANET SureLog able to correlate event data against static lists of items that the customer doesn't allow on the network (i.e. list of insecure protocols)? YES
 Can ANET SureLog correlate DHCP, VPN and Active Directory events to provide session tracking for every user in the enterprise? YES
 Is ANET SureLog capable of keeping a statistical baseline of "normal" monitored activity (e.g., attacker, target, ports, protocols and session data)? YES
 Is ANET SureLog capable of detecting patterns of activity that would otherwise go unnoticed by real-time correlation? YES
 Does the solution incorporate data from Vulnerability Assessment products in order to dynamically define the event priority? YES
 Is ANET SureLog capable of presenting categorized data to the correlation engine to allow real-time detection and response? YES
 Is ANET SureLog capable of correlating activity across multiple devices out-of-the-box to detect authentication failures, perimeter security, worm outbreaks and operational events in real-time without the need to specify a particular device type? YES
 Does ANET SureLog allow customers to create objects such as filters or search queries that are reusable throughout the system? YES
 Does the solution dynamically read from and add data from events to lists? YES
× Is ANET SureLog capable of monitoring attack history against critical assets or by particular users? NO

The Competition References

 http://www8.hp.com/tr/tr/software-solutions/arcsight-esm-enterprise-security-management/tech-specs.html
 http://www.eiqnetworks.com/pdfs/2013_Datasheets/SecureVue-Log-Management-and-SIEM-Data%20Sheet.pdf
 https://www.trustwave.com/Resources/Library/Documents/Trustwave-SIEM-Log-Management-Appliances-Overview
 https://www3.trustwave.com/siem-log-management-enterprise-appliance
 http://www.tripwire.com/tripwire/assets/File/docs/Tripwire_Log_Center_Sizing_Matrix.pdf
 http://www.logzilla.net/products/recommended-hardware
 http://www.solarwinds.com/log-event-manager.aspx#p_systemrequirements
 http://www.accelops.com/services/faq/#question1712
 https://www.alienvault.com/docs/data-sheets/AV-USM.pdf
 https://www.netiq.com/documentation/sentinel70/s701_install/data/btmckgy.html#bwwvoik
 http://www.01.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.qradar.doc_7.2.4/c_hwg_3105_allone_base.html