Catalogs >
Extreme Networks >
Security Information & Event Manager (SIEM)

Security Information & Event Manager (SIEM)
9Pages

Catalog excerpts

Security Information & Event Manager (SIEM) - 1

DATA SHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Delivers fast, accurate data about security threats: • Enables NOC and SOC staff to focus on actionable information rather than struggle to interpret millions of daily events generated by network security appliances, switches, routers, servers, and applications • Uses advanced surveillance and forensics analysis to deliver situational awareness of both external and internal threats including inappropriate content, IM, file transfers, traffic from undesirable geographies, data theft, and malicious worm infections • Leverages existing investments in network and security infrastructure while accelerating time to value through out-of-box functionality, rapid deployment, and staff efficiency gains • Integrates with Extreme Networks Intrusion Prevention System (IPS), Network Access Control (NAC), and NMS Automated Security Manager solutions to provide a unified, realtime view of the threat landscape and effectively detect, isolate, and automatically remediate threats • Integrates with a broad array of third party security and network products, including firewalls and routers, for the highest level of visibility and protection • Virtual Flow Collector allows the analysis of network behavior and enables Layer 7 visibility within virtual infrastructures • Meets the deployment requirements of the largest enterprises with modular component options and easily deployed high availability functionality - Severity of an attack - Importance of the affected asset - Identity of the attacker - Credibility of data sources - Identification of abnormal behavior Product Overview The Extreme Networks Security Information and Event Manager (SIEM) product combines best-in-class detection methodologies with behavioral analysis and information from third party vulnerability assessment tools to provide the industry’s most intelligent security management solution. Extreme Networks SIEM delivers actionable information to effectively manage the security posture for organizations of all sizes. The challenge created by most threat detection systems is the volume of information they generate — making it difficult to determine which vulnerabilities require an immediate, high priority response. The Extreme Networks SIEM solution addresses this challenge and provides powerful tools that enable the security operations team to proactively manage complex IT security infrastructures. Extreme Networks Security Information and Event Manager: • Goes beyond traditional security information and event managers and network behavioral analysis products to deliver threat management, log management, compliance reporting, and increased operational efficiency • Collects and combines network activity data, security events, logs, vulnerability data, and external threat data into a powerful management dashboard that intelligently correlates, normalizes, and prioritizes — greatly improving remediation and response times, and greatly enhancing the effectiveness of IT staff • Baselines normal network behavior by collecting, analyzing, and aggregating network flows from a broad range of networking and security appliances including JFlow, NetFlow, and SFlow records. It then discerns network traffic patterns that deviate from this norm, flagging potential attacks or vulnerabilities — anomalous behavior is captured and reported for correlation and remediation Security Information & Event Manager – Data Sheet

Open the catalog to page 1

Security Information & Event Manager (SIEM) - 2

• Tracks extensive logging and trend information, and generates a broad range of reports for network security, small central site or enterprise department may have higher event and flow collection rate requirements. The SIEM Appliance for network optimization, and regulatory compliance purposes; Small Enterprises (model DSIMBA7-SE) provides an ideal all-in-one report templates are provided for COBIT, GLB, HIPAA, PCI, option for these environments. The SIEM Enterprise Base Appliance models (DSIMBA7-LX All SIEM appliances offer High Availability (HA) functionality and DSIMBA7-LU) provide a...

Open the catalog to page 2

Security Information & Event Manager (SIEM) - 3

source/destination TCP port, and IP protocol used. SIEM Network the virtual network infrastructure. A SIEM Virtual Flow Collector is a Behavioral Flow Sensors are deployed at strategic points in the virtual appliance that enables the analysis of network behavior and network to collect IP traffic flow information from a broad range Layer 7 visibility within the enterprise’s virtual infrastructure. SIEM of networked devices — including switches, routers, security Virtual Flow Collectors support up to 10,000 flows per minute and appliances, servers, and applications. SIEM Network Behavioral...

Open the catalog to page 3

Security Information & Event Manager (SIEM) - 4

Hard Disk Network Interfaces Power Supply * Note: Higher Scalability beyond the upgrade options can be achieved using External Flow Anomaly Processors & Event Processors SIEM CONSOLE MANAGER MODEL SIEM Virtual Console Manager SIEM Console Manager Appliance N/A (External Virtual Flow Anamoly Processor Required) N/A (External Flow Anamoly Processor Appliance Required) N/A (External Virtual Event Processor Required) N/A (External Event Processor Applaince Required) Appliance Form Factor 2 x Quad-Core Intel Xeon Processor; Frequency: 2.4 GHz; L3 Cache: 12 MB Hard Disk Network Interfaces Power...

Open the catalog to page 4

Security Information & Event Manager (SIEM) - 5

SIEM EVENT PROCESSOR MODEL SIEM Virtual Event Processor SIEM Event Processor Appliance Upgrade Options Appliance Form Factor Software License Upgrades Additional Event processing: DVEVP-200E-UP, DVEVP-500EUP, DVEVP-1KE-UP Software License Upgrades Additional Event processing: DSEVPS7-UP 2 x Quad-Core Intel Xeon Processor; Frequency: 2.4 GHz; L3 Cache: 12 MB Hard Disk Network Interfaces Power Supply ** The maximum event processing may require an optional license upgrade. SIEM FLOW PROCESSOR MODEL SIEM Virtual Flow Processor SIEM Flow Processor Appliance Base: 15,000 Flows Maximum: 50,000...

Open the catalog to page 5