SECcollect

How Do I Get Continuous Visibility?

How do I get continuous visibility so I can understand where the vulnerabilities are and take corrective action in a timely manner? Do you need an answer to this question? SECNOLOGY provides a comprehensive solution to this challenge, and the answer starts here. The first step is to gather network and security events.





Gather Your Security Events

The first thing to do when you want to acquire continuous visibility and improve your network security is to collect all the information needed. Why? Imagine that your IDS has detected an attack against one of your servers. The security manager will have to investigate many different events generated by numerous devices (routers, firewalls, gateways, etc.) to see whether there is a hidden clue regarding this attack.

The challenge is that this information is scattered everywhere, since every network and security device generates its own event data, potentially creating gigabytes of data in a short time.






Collect Events in Real-Time

With SECcollect, SECNOLOGY can collect a large number of events directly from devices, the registry or files in real time, on event or on demand. SECcollect can manage all types of formats, including those from custom in-house applications, without the need for developers or toolkits. Store data centrally and/or remotely, archive and secure it, and automatically manage the whole data life cycle (availability, accessibility, integrity, confidentiality, segregation, retention period and purging) in accordance with your policies.



Not intrusive


How is SECcollect not intrusive?

SECcollect is not intrusive and can collect data in real time from a large number of devices simultaneously using many standard protocols: UDP, TCP, SSL, SNMP, POP3, CIDEE, SDEE, NetFlow, jFlow, sFlow, MS-EVENTS and LEA OPSEC. Because of its multi-threaded, multi-process architecture, SECcollect can process hundreds of thousands of events per second.

SECcollect does not have to parse, normalize and store the data in a database before it can write it. This is what allows SECcollect to outperform its competitors in throughput. SECcollect listens only to authenticated sources and writes the data to standard flat files in contiguous sectors, as raw data, filtered data or both at the same time.




Manage all Event Data with SECcollect


Authenticate the data source

Collect

Transfer to SECmanage in real-time

Parse

Filter

Store in raw format

Store as filtered

Timestamp

Compress

Investigate after an incident

Encrypt

Segregate data events

Seal

Duplicate

Evaluate triggers and measure thresholds

Process data events

Manage the life cycle of event data

Provide dashboards

Generate Reports in real-time

Record an audit trail of all actions
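The steps listed above, walked through as a working miniature. This is an added example, not SECcollect code, and the page does not describe SECNOLOGY's internals; the allow-list, the filter rule, the JSON-lines layout of the flat files and the SHA-256 hash chain used as the "seal" are all assumptions made for the example. The sender addresses, hostnames and syslog lines are constructed sample input.

```python
"""Miniature event collector: authenticate the source, collect, parse,
filter, timestamp, store raw and filtered flat files, compress, seal."""
import gzip
import hashlib
import ipaddress
import json
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed sample input: (sender address, raw syslog line) as a UDP
# listener would see it. 10.0.0.0/24 is the assumed internal LAN; the
# other addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ("10.0.0.5", "<134>Mar  3 10:15:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.20 PROTO=TCP DPT=22"),
    ("10.0.0.5", "<134>Mar  3 10:15:03 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.4 DST=10.0.0.20 PROTO=TCP DPT=443"),
    ("192.0.2.77", "<134>Mar  3 10:15:04 rogue kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.20 PROTO=TCP DPT=22"),
    ("10.0.0.6", "<38>Mar  3 10:15:05 ids01 snort[812]: [1:2000:3] ET SCAN SSH brute force {TCP} 203.0.113.9:51234 -> 10.0.0.20:22"),
]

# Step 1, authenticate the source. With plain UDP syslog the sender address
# is the only handle the collector has and it can be spoofed, so an
# allow-list (assumed here) is a minimum, not a substitute for TLS.
AUTHORISED_SOURCES = [ipaddress.ip_network("10.0.0.0/24")]

def source_is_authorised(sender: str) -> bool:
    addr = ipaddress.ip_address(sender)
    return any(addr in net for net in AUTHORISED_SOURCES)

# Step 2, parse the BSD syslog header: <PRI>Mmm dd hh:mm:ss host tag: msg
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)

def parse_syslog(line: str) -> dict:
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError(f"not a BSD syslog line: {line!r}")
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": pri % 8, "host": m["host"],
            "tag": m["tag"], "device_time": m["ts"], "msg": m["msg"]}

# Step 3, filter. Assumed rule: keep firewall drops and IDS alerts, discard
# routine accepts. The raw file keeps everything regardless of this rule.
FILTER_KEYWORDS = ("DROP", "SCAN", "brute force")

def is_interesting(event: dict) -> bool:
    return any(k in event["msg"] for k in FILTER_KEYWORDS)

# Step 4, seal: a SHA-256 hash chain over the stored lines, so that a
# deleted, altered or reordered line changes the final seal.
def chain_seal(lines) -> str:
    h = hashlib.sha256(b"seal-v1").hexdigest()
    for line in lines:
        h = hashlib.sha256((h + line).encode("utf-8")).hexdigest()
    return h

def verify_seal(path: str) -> str:
    """Recompute the seal of a stored flat file (gzip-compressed or plain)."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8") as f:
        return chain_seal(line.rstrip("\n") for line in f)

def run_collector(events, out_dir=None) -> dict:
    out_dir = out_dir or tempfile.mkdtemp(prefix="collector-demo-")
    raw_lines, filtered_lines, rejected = [], [], 0
    for sender, line in events:
        if not source_is_authorised(sender):
            rejected += 1          # dropped before parsing, but counted
            continue
        received = datetime.now(timezone.utc).isoformat()   # collector timestamp
        raw_lines.append(json.dumps({"received": received, "sender": sender, "raw": line}))
        event = parse_syslog(line)
        if is_interesting(event):
            filtered_lines.append(json.dumps({"received": received, "sender": sender, **event}))
    raw_path = os.path.join(out_dir, "events.raw.jsonl.gz")   # raw store, compressed
    with gzip.open(raw_path, "wt", encoding="utf-8") as f:
        f.write("".join(l + "\n" for l in raw_lines))
    filtered_path = os.path.join(out_dir, "events.filtered.jsonl")
    with open(filtered_path, "w", encoding="utf-8") as f:
        f.write("".join(l + "\n" for l in filtered_lines))
    return {"accepted": len(raw_lines), "filtered": len(filtered_lines),
            "rejected": rejected, "raw_path": raw_path, "filtered_path": filtered_path,
            "raw_seal": chain_seal(raw_lines), "filtered_seal": chain_seal(filtered_lines)}

if __name__ == "__main__":
    print(json.dumps(run_collector(SAMPLE_EVENTS), indent=2))
```

On the sample input the collector accepts three events, rejects the one from the unlisted 192.0.2.77 sender, and keeps two of the three in the filtered file; the raw file still holds all three accepted lines, which is what lets an investigator go back to the unfiltered record after an incident. Keep the seals somewhere the collector host cannot silently rewrite (a separate store or a signed log), otherwise an attacker who can edit the flat file can recompute the chain as well.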





Collect from anywhere

SECcollect collects real-time events from anywhere, as long as the data flow reaches the SECcollect host using the expected protocol, from the expected source IP address and on the expected service port. SECcollect can act as a TCP or UDP syslog server, but it is much more than that. Bear in mind that with UDP syslog the source address is the only identity the collector sees, and it can be spoofed; prefer TCP with SSL where the sender must be trusted.

By supporting the MS-EVENTS protocol, SECcollect is able to collect all Windows events remotely without installing an agent or client on the Windows systems. The entire collection runs remotely.




