Situational Awareness: Visibility Across the Enterprise
Many organizations - from commercial enterprises, to military, civilian and intelligence agencies in federal government - recognize the need to implement comprehensive information security monitoring and management to gain visibility of risks and threats. This discipline, known as situational awareness, involves not only understanding many different aspects of security information - from system configuration changes, to network data flow patterns, to individual events occurring on servers, workstations, network devices, applications, and databases - but also recognizing how these different types of data affect each other.
Unfortunately, a piecemeal approach to information security tools that don't talk to each other fails to achieve the goal of true situational awareness. As an example, traditional log management and security information and event management (SIEM) offerings leave organizations blind to certain types of attacks, such as those that shut off logging and/or involve configuration changes to critical devices. Moreover, even if these organizations maintain multiple security point solutions - such as SIEM, configuration auditing, network traffic monitoring, vulnerability scanners, and performance monitoring - these products do not share data with each other, leaving organizations to guess whether, for example, an unauthorized configuration change on a server or firewall was accidental, or prefaced by unusual events or network traffic patterns that could signal a malicious attack that "owned" the system.
SecureVue: Situational Awareness and Risk Management for the Enterprise
SecureVue, eIQnetworks' unified threat and compliance solution, addresses these limitations by collecting a full range of security data from across the enterprise, including logs and events, configuration and asset data, vulnerability data, network flow data and performance data.
SecureVue records, monitors and correlates (with a single data model) the widest range of relevant information of any vendor in the market, allowing security professionals to analyze breaches or attacks from a single viewpoint rather than having to use multiple tools. With SecureVue, enterprises gain awareness into activity across the IT infrastructure to ensure real-time identification, prioritization, and response to policy breaches, cyber attacks and insider threats.
SecureVue's value lies in its ability to add both breadth and depth of visibility to customers' entire network (not just log data) and the ability to react once situational awareness has been established. Capabilities and features of the SecureVue platform that enable situational awareness and risk management include:
Capture and storage of all security data, including logs and events, configuration and asset data, known vulnerabilities, performance metrics, and network flow data
Correlation across all security data - no more security data "silos"
Highly-scalable architecture with agentless technology
Log management
Vulnerability management
Configuration auditing
Asset management
Performance monitoring
Network flow analysis
No 3rd party databases to manage
In addition, SecureVue is designed to meet the rigorous security requirements necessary for use in the largest government agencies and military branches: SecureVue is certified under the NIST FIPS-140-2 standard for data encryption and integrity, and is currently in process for NIAP Common Criteria EAL4+ certification.
By collecting, archiving, correlating, analyzing and reporting on log, vulnerability, configuration, asset, performance and network flow data, the SecureVue UTC assessment platform provides a single, unified solution to achieve situational awareness, make risk-based decisions, and establish comprehensive information assurance.