Despite all the promises made by SIEM vendors over the last decade, enterprise security analysts often have no way to know if their IT systems have been compromised by an APT or insider attack.
In the face of more frequent, more prolonged and more advanced attacks, eIQnetworks has developed a platform that gives infrastructure-wide visibility into a large organization’s security posture.
Using the latest release of SecureVue, security information analysts can perform correlation and forensic searches over long time periods. For example, analysts can now receive alerts when a server is the target of a reconnaissance scan, then experiences failed login attempts, and then experiences a configuration change anytime within the next 90 days, even if no security events are present in the system’s log file.
This allows organizations to be more proactive in identifying activity that may be associated with APTs. SecureVue’s multi-data cross-correlation capabilities and next-generation forensic search engine distinguish it as the only solution in the industry that provides true situational awareness.
“With eIQ’s new ForensicVue forensic search engine, included as a standard part of SecureVue, we are able to define a single search across system log, network activity, vulnerability, configuration, compliance and file integrity data with “Google-like’ ease and speed,” said Steven M. Brumant, MCP, Security+, Information Security Manager for Old Second National Bank. “Having the ability to quickly search billions of events in a matter of seconds and display correlated data in a single pane of glass allows us to stay ahead of the cyber attacks and meet needs for ad-hoc reporting and investigative analysis. Point security products, including traditional SIEM solutions, fail to give us the visibility or ad-hoc querying capability we need.”