Seven Hot Security Management Tools

As channel customers struggle to keep up with the endless stream of device logs and security information necessary to adjust infrastructure and procedures to mitigate risk, they’re looking to partners to offer them the right solutions and services to do just that. The security information and event management (SIEM) and log management markets offer a plethora of options to choose from. In the last two quarters the channel has seen a number of announcements for new and updated products meant to help customers convert the torrent of security data coming from relevant devices into actionable information. Channel Insider explores some new tools on the market.

By Ericka Chickowski

Product: ArcSight Logger 4
Launched: Nov. 2, 2009
New Features:

Logger 4 now adds the key capability to comb through unstructured data such as e-mail and instant message log records on top of existing capabilities for analysis of structured data such as that contained within databases. The log management tool is a key add-on to ArcSight’s SIEM Platform, known around the industry as the granddaddy of SIEM.

Product: nFXSIMOne
Launched: Jan. 28, 2010
New Features:

Targeted specifically at managed service providers, nFXSIMOne provides expanded group assignment to improve management of customer, device and scanner groups, along with streamlined rule setting that allows new rules to be implemented by reusing group assignment as the source condition for a rule. Also added are improved vulnerability correlation and better integration with HP OpenView.

Product: Tripwire Log Center
Launched: Jan. 28, 2010
Key Features:

Integrates log management and security event management with the better-known Tripwire configuration controls to automate mitigation activities and report on actions in order to prove compliance later on down the road.

Product: NitroView V8.4
Launched: Jan. 19, 2010
Features:

Offers a unified workflow and "single pane of glass" interface for all SIEM and log management functions, minimizing time required to search and correlate log information and actual events. Also added was a geo-location function that provides a visual representation of where external activities are located. Designed to seamlessly integrate with Nitro’s database monitoring, IPS and application monitoring tools.

Product Announcement: OEM integration of QRadar into Juniper Networks’ new Junos Space
Launched: Oct. 29, 2009
Features:

Q1 Labs is teaming up with Juniper to seamlessly integrate QRadar SIEM, Log Manager and security intelligence products into the new Junos Space platform, a modular, service-oriented architecture. The strengthened OEM relationship will better help service providers offer economical security services.

Product: Tenable Log Correlation Engine 3.4
Launched: Nov. 23, 2009
Features:

Working hand-in-hand with Tenable’s flagship Nessus vulnerability scanner, the newest version of its log correlation engine adds file integrity monitoring, a new ability to import and analyze historic logs and programmability of response actions based on the types of alerts flagged by the system.

Product: TriGeo SIM Version 5.0
Launched: Feb. 16, 2010
Features:

Designed specifically for midmarket companies that can’t afford to implement the most expensive SIEM systems, TriGeo SIM’s latest iteration improved its performance 300-fold by tweaking its in-memory correlation engine. Also added are enhanced database activity monitoring, expanded rule-building, USB enforcement and expanded reporting features.
