SIEM & Unified Threat Intelligence

Complete Visibility in a Fraction of the Time of Traditional SIEM

Improve how you manage cyber threats by unifying all of your essential security tools in one location and combining them with real-time threat intelligence. A Unified Security Management (USM) platform accelerates and simplifies threat detection, incident response and compliance management for IT teams with limited resources, starting on day one. With essential security controls and integrated threat intelligence built in, the USM appliance puts complete visibility into the threats affecting your network, and how to mitigate them, within fast and easy reach.

Whether large or small, all organizations need complete visibility to:

  • Detect emerging threats across their environments, on-premise and in the cloud
  • Respond quickly to incidents and conduct thorough investigations to contain and mitigate threats
  • Measure, manage, and report on compliance (PCI, HIPAA, FFIEC, etc.)
  • Optimize existing security investments and reduce risk

Our USM appliance delivers this complete security visibility by providing the five essential security capabilities in a unified platform, controlled by a single management console:

  • SIEM – log management, event correlation, analysis, and reporting
  • Behavioral Monitoring – netflow analysis, service availability monitoring
  • Intrusion Detection – network and host IDS, file integrity monitoring
  • Vulnerability Assessment – active network scanning, continuous vulnerability monitoring
  • Asset Discovery – active and passive network discovery

How SIEM/USM Works

All products include these three core components, available as hardware or virtual appliances.

  • USM Appliance Sensor – deployed throughout your network to collect logs and provide the five essential security capabilities you need for complete visibility.
  • USM Appliance Server – aggregates and correlates information gathered by the Sensors, and provides single-pane-of-glass management, reporting and administration.
  • USM Appliance Logger – securely archives raw event log data for forensic investigations and compliance mandates.
  • USM Appliance All‐in‐One – combines the server, sensor and logger components onto a single system.

SIEM Deployment Options and Professional Services

You can deploy the SIEM/USM in multiple configurations to meet your needs.

  • InfoSight® private cloud hosted for on‐premise assets
  • InfoSight® Anywhere for both on‐premise and cloud assets
  • Traditional onsite

By bundling the SIEM/USM platform with InfoSight's professional services, you get 24x7 managed security services. With our co‐managed approach to security monitoring, we work in collaboration with IT staff. We monitor the most critical devices that require 24x7 attention, and in‐house IT staff monitor internal devices and endpoints.

Our MSSP services include:

  • 24x7 monitoring & threat analysis
  • Incident response & mitigation
  • Alerting & notification
  • Device management (FW, IPS, NIDS, HIDS, endpoint)
  • Reporting
  • Threat intelligence & tools

Predefined Event Reports for SIEM

To give you insights into key events by different data source types and by specific solutions, the following is a sampling of predefined event reports.