Tim Peterson (not his real name), an IT security engineer with one of the largest oil companies in the Middle East, is very frustrated these days. His chief concern is the complexity of manually collecting and correlating security data for incident identification and remediation. He spends hours querying and writing scripts to collect and compile data after a security incident, and the further forensics and root cause analysis of that incident take his team days. Many of the team members are already multitasking because of a reduced workforce.

Tim has secured his network with security devices such as routers, web content filters, firewalls and IPS, but still lacks full visibility in certain areas of security. His company uses multiple tools to collect and manage information from these devices, resulting in a heterogeneous set of data for the Network Operations Center (NOC), the Security Operations Center (SOC) and the audit team. There is also a lot of data redundancy. Unfortunately these tools neither talk to each other nor share data; they have no collaboration or correlation capability.

Recently Tim planned to add a Security Information and Event Management (SIEM) or SIM solution for log management, but it would have made things more complex. The SOC would be flooded with too much log data. The SOC aimed for better incident identification and visibility by adding a SIEM to its kit, but that did not meet his requirements completely. He was worried about false positives, because monitoring log data alone cannot deliver situational awareness of critical security incidents. SIEM tools are blind to configuration changes on your devices; and what about asset data, performance data and network behavioral anomalies? They are all important. Tim gets log alerts from the SIEM, but how can he confirm a security breach with log data alone? He needs more data. He needs to correlate the log event alert with configuration data and see whether any configuration changes were made, who made them and what was changed. Did this affect performance? Correlating these with asset policy violations, availability information and anomalous network behavior makes more sense of the threat pattern; in fact, that is actionable intelligence. So what is the use of log data when it cannot be made sense of, when it does not give situational awareness? At the end of the day Tim would get reports from the SIEM that are useful from a compliance point of view. But what about security? Tim would still be giving a report of 'what happened' to his management; he does not even have full visibility of the extent of the damage caused by the security incident.

Tim needs a solution that helps him tell management 'what is happening'. He wants to automate incident identification and needs better visibility into all areas of his network security. He wants to react faster and respond proactively to emerging security incidents before damage is caused.

SecureVue from eIQnetworks delivered on Tim's requirements. SecureVue is an Enterprise Security Management (ESM) solution for security, risk and audit automation. Collaboration and correlation are the central theme of SecureVue. SecureVue collects log, vulnerability, configuration, asset, performance and flow data from all devices, hosts, applications and databases across the enterprise in a single integrated platform, enabling Tim to automate incident identification to drive efficiency and reduce management complexity. Now Tim can react faster and respond to emerging threats such as policy violations, non-standard processes, installation of rogue applications, potential financial fraud, and identity or data theft.

Tim is ready for any security threat, as he knows his network is very secure now with end-to-end root cause analysis, historical trend and pattern analysis, faster forensic analysis, SecureVue's robust correlation engine and a single console view for security and compliance. SecureVue provides visibility across the network, server and application layers, enabling Tim's organization to gain a comprehensive understanding of the infrastructure's overall security posture. SecureVue even made Tim's job secure!
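The multi-source correlation the case study describes (a bare SIEM log alert joined with configuration-change records, performance samples and asset policy data to decide whether it is worth investigating) is shown below as an added Python example. This is illustrative code written for this page, not SecureVue's or eIQnetworks' code; the hostnames, records, time window, CPU baseline and scoring weights are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# All records in this file are constructed sample data for the example, not real telemetry.

@dataclass
class LogAlert:
    """What a SIEM raises from log data alone."""
    ts: datetime
    host: str
    rule: str

@dataclass
class ConfigChange:
    """A device or host configuration change: who made it, what changed, and whether it was approved."""
    ts: datetime
    host: str
    user: str
    change: str
    service: Optional[str]    # service the change enabled, if any
    approved: bool            # tied to an approved change record or not

@dataclass
class PerfSample:
    """A performance measurement for a host (CPU utilisation in percent)."""
    ts: datetime
    host: str
    cpu_pct: float

@dataclass
class Asset:
    """Asset inventory entry: business criticality and the services policy allows on the host."""
    host: str
    criticality: str          # "high", "medium" or "low"
    allowed_services: set

def correlate(alert, changes, perf, assets, window=timedelta(minutes=30), cpu_baseline=60.0):
    """Join one log alert with configuration, performance and asset data inside a time
    window around it, and return a single enriched, explainable record (assumed scoring)."""
    lo, hi = alert.ts - window, alert.ts + window
    related = [c for c in changes if c.host == alert.host and lo <= c.ts <= hi]
    unapproved = [c for c in related if not c.approved]
    asset = assets.get(alert.host)
    # Asset policy violation: a change enabled a service the asset's policy does not allow.
    violations = [c.service for c in related
                  if c.service and asset and c.service not in asset.allowed_services]
    before = [p.cpu_pct for p in perf if p.host == alert.host and lo <= p.ts < alert.ts]
    after = [p.cpu_pct for p in perf if p.host == alert.host and alert.ts <= p.ts <= hi]
    # Performance anomaly: utilisation crossed the baseline only after the alert fired.
    perf_anomaly = bool(after) and max(after) > cpu_baseline and (not before or max(before) <= cpu_baseline)
    score = 1                                    # the log alert on its own
    score += 2 if unapproved else 0              # unapproved change on the same host
    score += 1 if violations else 0              # asset policy violation
    score += 1 if perf_anomaly else 0            # behavioural change after the event
    score += 1 if asset and asset.criticality == "high" else 0
    return {
        "host": alert.host,
        "rule": alert.rule,
        "config_changes": [f"{c.user}: {c.change}" for c in related],
        "unapproved_changes": len(unapproved),
        "policy_violations": violations,
        "perf_anomaly": perf_anomaly,
        "criticality": asset.criticality if asset else "unknown",
        "score": score,
        "verdict": "investigate" if score >= 4 else "monitor",
    }

# Constructed sample data: one SIEM alert on a firewall plus what the other sources hold.
T0 = datetime(2024, 1, 15, 10, 0)
FW = "fw-edge-01"
ALERT = LogAlert(T0, FW, "admin_login_outside_business_hours")
CHANGES = [
    ConfigChange(T0 - timedelta(minutes=10), FW, "jdoe", "enabled telnet management", "telnet", False),
    ConfigChange(T0 - timedelta(hours=3), FW, "ops", "rule cleanup", None, True),            # outside window
    ConfigChange(T0 - timedelta(minutes=5), "web-03", "ops", "applied patch", None, True),   # other host
]
PERF = [PerfSample(T0 - timedelta(minutes=20), FW, 35.0),
        PerfSample(T0 + timedelta(minutes=10), FW, 91.0)]
ASSETS = {FW: Asset(FW, "high", {"ssh", "https"})}

def run_example():
    """Correlate the sample alert against all other sources; returns the enriched record."""
    return correlate(ALERT, CHANGES, PERF, ASSETS)

if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key:>20}: {value}")
```

The same alert with no corroborating data (`correlate(ALERT, [], [], ASSETS)`) only reaches the "monitor" verdict, which is the point the case study makes: the log alert by itself is not evidence of a breach, while the unapproved change, the policy violation and the performance swing on a high-criticality asset together turn it into something actionable, with the who, what and when already attached for the report to management.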