LogLogic Security Event Manager
Hacking of valuable customer data is becoming a lucrative business. Security attacks are on the rise – and attackers are stealthy, persistent, and focused. With an enormous and growing amount of siloed, geographically dispersed data to protect, defending against a breach is difficult.
TIBCO LogLogic Security Event Management provides intelligent, easy-to-use security protection for IT infrastructure and assets. It collects, monitors, and correlates log-file big data to help you identify even the most sophisticated threats. TIBCO LogLogic patented technology automatically correlates IT data assets against known patterns of behavior, resulting in real-time protection out-of-the-box.
Using rules, the system establishes relationships among messages or events generated by devices, systems, and applications. It detects anomalous conditions in near real time and tracks and analyzes the progression of an attack, event, or user across systems within a specified time window.
A library of predefined, customizable correlation rules avoids time-consuming tuning and management, and correlation can be conducted over long time periods using all IT data to further enhance security of IT assets.
LogLogic SIEM Capabilities
Real-time protection out of the box
- Correlates external and internal patterns for known and unknown threats
- Anomaly-based alerting by developing baseline and trending over time
- Real-time alerting on events such as password brute force, denial of service, account hijacking, virus outbreak and many more
- Precise recommendations for threat removal
Faster time to resolution with sophisticated incident management and forensics
- Quickly and easily resolve underlying security issues within seconds, not days, with advanced root cause analysis and forensic workflow
- Tracks all user activity across all systems, not just security systems
- Integrates with service desk management systems
Increases your ROI – easy to deploy, customize and maintain
- Deploy in hours, not months or years
- Accurate security event manager that practically eliminates false positives with LogLogic’s unique taxonomy system – no complex rules to maintain
360-degree view of your total security stance
- Provides a complete interface to see everything that goes on in your IT infrastructure
- Out-of-the-box parsed reports for access control, network activity, database, IDS, email, Web activity, legacy system activity and policy information
- Tracks all user activity such as asset misuse, proxy bypass, rights changes, configuration changes, geographical activity and many more
Scalable and extensible
- Correlates over 10,000 events per second with a multi-level correlation architecture that can scale across multiple appliances
- Open API that easily integrates with your existing analytical solutions