How do I get continuous visibility so i can understand where the vulnerabilties are and take corrective action in a timely Manner?Do you need an answer to this question? SECNOLOGY provides a comprehensive solution to this challenge, and the answer starts here. The first step is to gather network & security events.
The first thing to do when you want to acquire continuous visibility to improve your network security is to collect all the information needed. Why? Just imagine that your IDS has detected an attack against one of your servers. The security manager will have to investigate many different events generated by numerous devices: routers, firewalls, gateways, etc… to see if there is a hidden clue regarding this attack.
The challenge is that this information is everywhere since all network and security devices generate their own event data, potentially creating gigabytes of data in a short time.
With SECcollect, SECNOLOGY can collect a large number of events directly from devices, registry or files in real time, on events or on demand. SECcollect can manage all types of formats, including those from custom in-house applications, without the need for developers or toolkits. Store data centrally and/or remotely, archive and secure the data according to policy, and automatically manage the whole data life cycle, including availability, accessibility, integrity, confidentiality, segregation, period retention and purging, in accordance with your policies.
SECcollect is not intrusive and can collect data in real-time from a large number of devices simultaneously using a many standard protocols: UDP, TCP, SSL, SNMP, POP3, CIDEE, SDEE, NetFlow, jFlow, sFlow, MS-EVENTS and LEA OPSEC. Because of its multi-threading and multi-processing architecture, SECcollect can process hundreds of thousands of events per second.
SECcollect does not have to parse, normalize and store the data in a database. This advantage makes SECcollect able to outperform all its competitors with an unprecedented level of performance. SECcollect listens only to authenticated sources and writes the data in standard flat files in contiguous sectors as raw data, filtered data or both at the same time.
SECcollect collects real-time events from anywhere as long as the data flow reaches the SECcollect destination with the right protocol, the right source IP address and on the right service port. SECcollect may be a TCP or UDP SYSLOG Server, but it is much more than that.
By supporting the MS-EVENTS protocol, SECcollect is able to collect all Windows Events remotely without needing to install an agent or client on the Windows systems. The complete collect runs remotely.
