“Every (little) bit counts…”
The MSS extends its network-based IDPS and flow analysis capabilities with Security Information/Event Management (SIEM) features that support the correlation of system logs from most 3rd party devices. The following table lists the most popular 3rd-party devices supported by the MSS. (this is not an exhaustive list and many other types of devices are supported)
|Firewalls||Netscreen, PIX, ASA, FWSM, Checkpoint, SonicWall|
|IDS||Cisco, SourceFire (snort) ,Dragon, CheckPoint Smart Defense|
|AV||McAfee VirusScan Enterprise v8 and v8.5|
|Imapd, pop3d, Postifx,Sendmail,vpopmail, Microsoft Exchange, Courier ipmapd/pop3d, pop3-ssl, vm-pop3d, SMF-SAV, Procmail, Mailscanner|
|Web||Apache, IIS 5/6, Zeus, Horde imp, Modsecurity|
|Cisco IOS Routers||All|
“We bring it all together..”
All the log messages (in the red folders in the screenshot) are correlated with security event information generated by the MSS to give a comprehensive view of what is happening in the Enterprise. All logs are also stored, categorized and included in daily and weekly executive interactive reports.
System log storage is a key component for demonstrating regulatory compliance with all current security standards. The MSS provides all the necessary features to meet and exceed these regulatory requirements. In fact, the MSS goes well beyond simply storing system logs by offering a scalable log analysis tool based on OSSEC.The MSS SIEM capabilities therefore provide a very powerful, yet affordable set of capabilities to meet and exceed the challenges of regulatory compliance across a number of industries.