eIQnetworks launched ForensicVue, the first real-time forensic search engine to provide security analysts with the ability to search every piece of security data on their network.
ForensicVue extends the existing forensic capabilities of eIQnetworks’ unified situational awareness platform, SecureVue, enabling analysts to quickly search large amounts of security data in all formats, including log events, vulnerabilities, configurations, performance, availability, net flow, file integrity, USB monitoring and system compliance data, and to correlate it via a single console.
ForensicVue can also be used on data aggregated from third-party applications such as ePO, SEP and SIEM.
ForensicVue helps ensure an organization’s IT assets are protected against fast-evolving security breaches and policy violations by enabling enterprise security analysts to search across tens of thousands of nodes, over a sustained period of time and across all security and compliance data, for proactive protection of enterprise information assets.
This eliminates the decision-making-by-committee approach that is a significant obstacle to the timely detection and remediation of breaches at large and distributed organizations.
Other key features in ForensicVue include:
- Capturing and storing common queries in a comprehensive library so that historic data can be applied to any data set in the past, present or future.
- The ability to run multiple investigations across every data type, including log events, asset and configuration, vulnerability, net flow, integrity, removable media, system compliance and third-party application data.
- Support for hundreds of operating systems, network and security devices, enterprise and custom applications, databases and third-party products including McAfee ePO, Symantec SEP, CMDBs, SIEM and log management products and others.