“Every (little) bit counts…”

The MSS extends its network-based IDPS and flow analysis capabilities with Security Information/Event Management (SIEM) features that support the correlation of system logs from most third-party devices. The following table lists the most popular third-party devices supported by the MSS. (This is not an exhaustive list; many other types of devices are supported.)

Firewalls: Netscreen, PIX, ASA, FWSM, Checkpoint, SonicWall
IDS: Cisco, SourceFire (Snort), Dragon, CheckPoint Smart Defense
AV: McAfee VirusScan Enterprise v8 and v8.5
Databases: MySQL, PostgreSQL
Mail: Imapd, pop3d, Postfix, Sendmail, vpopmail, Microsoft Exchange, Courier imapd/pop3d, pop3-ssl, vm-pop3d, SMF-SAV, Procmail, Mailscanner
Web: Apache, IIS 5/6, Zeus, Horde imp, Modsecurity
Cisco IOS Routers: All
Cisco VPN: All
Unix-based Servers: All
Microsoft Servers: All
OSSEC: All

“We bring it all together…”

All the log messages (in the red folders in the screenshot) are correlated with security event information generated by the MSS to give a comprehensive view of what is happening in the Enterprise. All logs are also stored, categorized and included in daily and weekly executive interactive reports.


IT Compliance

System log storage is a key component for demonstrating regulatory compliance with all current security standards. The MSS provides all the necessary features to meet and exceed these regulatory requirements. In fact, the MSS goes well beyond simply storing system logs by offering a scalable log analysis tool based on OSSEC. The MSS SIEM features therefore provide a very powerful, yet affordable set of capabilities to meet and exceed the challenges of regulatory compliance across a number of industries.