Dallas, Texas, August 17, 2009 – Global DataGuard®, the premier provider of network behavior analysis-based (NBA) Enterprise Unified Threat Management for small and medium businesses to large enterprise environments, has enhanced its System Information Event Management+ (SIEM+) technology with the release of version 3.4 to provide increased storage – up to 1.5 terabytes of onboard storage; advanced search capabilities for locating and analyzing specific log events over vast periods of time; and more sophisticated log parsing and alerting that’s designed to help businesses achieve full regulatory compliance. The SIEM+’s ability to collect, analyze, respond to and retain log information is instrumental in offering visibility into IT operational efficiencies, detecting potential security breaches, providing forensic capacity, and enabling corporate accountability across an organization’s entire enterprise.
Recent data breaches show that employees and other internal threats are responsible for upwards of 50% of data theft. According to Gartner analysts, log management is becoming more important to organizations as compliance requirements – such as PCI DSS – mandate the capture and retention of audit trails, particularly those related to sensitive cardholder data and personal information.
“Global DataGuard’s log management and monitoring solution is one of the first systems of its kind to include innovative active response capabilities. It can help companies to identify and prevent security breaches, hacker or insider intrusions, or other activities that can harm valuable corporate assets,” stated Scott Paly, chief executive officer for Global DataGuard. “Moreover, this robust capability integrates with our adaptive, predictive Enterprise UTM portfolio to provide customers with features that can be customized to fit their unique business requirements.”
Real-time Log Monitoring, Analysis and Correlation
With the SIEM+, all log files are continuously analyzed by customer-specified rule sets and then retained for reporting and forensics. Detected policy violations or activities of interest result in alerts on the unified management console for further analysis, incident response and ticketing. In addition, the SIEM+:
- Collects, normalizes, aggregates, compresses and encrypts log data from disparate 3rd party routers, switches, firewalls, IDS/IPS, AV, SPAM/spyware, Windows, UNIX and Linux systems and associated applications;
- Adds necessary resources, services and applications to a Whitelist to ensure that critical network ports and services are never accidentally blocked;
- Provides a sophisticated search and parsing capability;
- Allows an organization to customize the severity of log alerts;
- Enables users to define their own custom online SLA within the Global DataGuard Security Alert Response Procedure (SARP); and
- Automates the process of producing comprehensive reports and enables 24/7 online access, via the Enterprise UTM++ monitoring console, so customers can easily review relevant data that can identify an anomaly or threat.
As an Approved PCI Scanning Vendor, Global DataGuard originally designed the SIEM+ to address PCI DSS requirements through log file harvesting, parsing and alerting. The SIEM+ can help an organization achieve full PCI compliance because it:
- Enables logging for all events, with data on user ID, customizable groups, type of event, date and time, success or failure indication, origination of event, and identity of the system component;
- Provides 1.5 terabytes of onboard storage to hold collected log information;
- Ensures that viewing of audit trails is limited to those with a job-related need
- Protects audit trail files from unauthorized modification – existing log data cannot be changed; and
- Makes log data accessible through a local NAS partition.
The SIEM+ integrates at the architectural level with all of Global DataGuard’s industry proven, Enterprise UTM applications to provide early warnings of threats that other solutions may not see, reduce false positives, and enable unparalleled management of a company’s total information security environment. The System Information Event Management+ is priced at $30,000 in the U.S., and it can be leased with turnkey managed services for $2,815.00 per month. Because the SIEM+ is a fully integrated component within the Global DataGuard Enterprise UTM++™ portfolio, custom configurations can be designed and priced based on an organization’s unique network requirements.