Log, audit and monitor network events in real-time with EventManager's patent pending topology

Quick Deployment

To further speed deployment, EventManager comes with the option of pre-configured policy templates. Covering issues such as log retention time and encryption, these templates reduce the time it takes to get you up and running, and the standardized format will ensure regulatory compliance.

In a typical initial installation, over 75 devices and compliance reports were set up in less than three days at a large petrochemical company.

Turnkey Appliance

EventManager is a self-contained system that eliminates the need for additional hardware, installation, or performance tuning. Built-in energy conservation and a highly efficient 2U design mean that EventManager consumes a minimum of electricity and requires limited space and cooling.

Scalable Architecture

Providing a tiered approach to performance, the EventManager family easily accommodates up to tens of thousands of events per second with a single 2U rack-ready appliance. These fault-tolerant systems use dual components for all critical functions and have other high availability options available. 

If additional horsepower is needed, new appliances can be added at any time, thus allowing for a virtually unlimited amount of data to be collected, archived, and analyzed from any number of sources.

Advanced Correlation

EventManager's correlation engine is based on a patented pattern analysis technology of network security events that distills hundreds of millions of disparate log entries into logical categories, further classifying them into related events.  Armed with complete knowledge of your organization's network topology, asset values, and vulnerabilities, EventManager provides a sophisticated risk assessment.  All in real-time.

Simple Powerful Communication

EventManager enables human language communications with users.  Rules are created, and alerts are shown, using simple concepts like "Accepted", "Denied", "Admin", "Access Granted" etc.

The categorization engine gives users an incredibly flexible way to manipulate data - sort by intention, target, attribute, state or impact, and identify event types as information, vulnerability, usage, configuration, or malicious. Generic rules created using the categories based on our pattern analysis technology are used for filtering, reporting, aggregation and correlation. This provides simpler, more accurate processing using vastly fewer rules and increases performance.

Constant Updates

Our asset security information database is constantly and automatically updated so the latest asset data: IP addresses, operating system details, physical location, known vulnerabilities, and patch levels are kept current.  This keeps the system updated and able to make risk assessments based on the most up-to-date information.

Extensive Reporting

With more than 300 security reports, dashboards and comprehensive templates supplied, including reports tailored specifically to compliance issues, you can rapidly construct a range of reports to address all your auditing and forensic requirements. An interactive report model allows you to quickly and smoothly drill down from global statistics to event-level detail as needed.

Reports are fully customizable and can be output as beautiful and instructive charts and graphs ready for print documents or presentations... or as standalone web-based interactive reports.  And, of course, the reports can be automatically generated and disseminated as needed or created on-demand.

Based on your Network and SLAs

EventManager contains a representation of your corporate systems, service level agreements (SLAs), and the importance of these to the business.  This customer-specific view of the organization’s critical applications and services enables alerts to be given priorities according to their potential business impact.

Compliance

EventManager includes all compliance features from LogManager. This provides a complete regulatory compliance solution, allowing the archiving and preservation of logs in their original form to meet audit-quality standards. Ensure compliance with regulatory standards such as SOX, PCI-DSS, FSA, FISMA, and HIPAA, as well as frameworks like ISO-27001, BASEL II, and COBIT that require the collection, analysis, and archiving of log data.

Forensic Research

Unlike many competing products, EventManager allows your organization to easily go back in time and replay event data while utilizing the powerful correlation engine to make sense of the vast amounts of stored data. Investigate past events with new event sources, correlation rules, and/or scenarios to spot previously unrecognized behavior. Use your own data to evaluate and test updated correlation rules and scenarios.

Incident Management System Integration

EventManager integrates with your existing incident management system, allowing you to create tickets from within the EventManager console.

When the tickets are closed, the relevant alerts are automatically acknowledged and the related ticket number is included for future forensic or audit use. Link alerts to incident tickets (and vice versa) for clarity and full alert and incident tracking. Full support for IODEF-compatible incident management systems.

Security Levels and Profiles 

Supports user-defined security levels and allows security profiles to be assigned to each level. Customers can use pre-defined or create custom security levels to represent their corporate, industry or governmental INFOCON security levels.

Security profiles include log collection, filtering, aggregation and correlation settings and rules.

Agent and Agentless collection

Software agents and/or agentless collection methods are supported. Agents can be deployed on hosts to gather multiple security logs from those hosts and from neighboring servers and applications. In agentless mode, the central platform receives and processes logs sent across the network without requiring the deployment of a remote agent.

Secure Processing of Event Data

The security of event data and the corresponding raw log data is maintained throughout the collection, filtering, aggregation, correlation and archival processes.

Real-Time, Multi-Channel Alerts

Correlation rules can include actions to be undertaken when alerts are triggered. Actions can include one or more of the following: sending an email to a group of people, text messages, displaying alerts on the console, running an executable or command-line script, or performing automatic remediation via Solsoft ChangeManager. 

Integrated Architecture

EventManager is built on the common Exaprotect appliance architecture and is a simple key-enabled upgrade from LogManager.  EventManager also tightly integrates with Exaprotect’s Solsoft ChangeManager to provide instant remediation for security issues detected by EventManager.

Collect from any Source

EventManager works out of the box with many common network devices, operating systems, intrusion detection systems, and other systems. We try to cover the entire range of sources requested by our customers, and new technology packs are released on a regular basis. Additionally, any custom data sources or those not preconfigured are easily set up via our AJAX-powered wizard-based setup tool. See the latest list of compatible systems.

