Secospace elog

Product Overview

With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injection to Web page or data tampering by staff. How can we detect these events? How can we investigate them and collect evidence?

The information age has arrived. As information technology advances, application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls, UTM, IPS, IDS, VPN, DPI, and AV), and network devices (routers, switches, and access devices) keep growing in number. A comprehensive and unified log management system is essential to manage the logs of all devices across the network, system, and application layers.

Based on current ICT trends, customer surveys, and problem collection and analysis, Huawei Symantec Technologies Co., Ltd. (hereinafter referred to as Huawei Symantec) has launched its high-performance security auditing system. The Secospace elog is an intelligent log management and security auditing system providing excellent performance, reliability, security, and scalability. Its functions include log collection, analysis, association, auditing, alarms, storage, queries, and reports. It is applicable to the security devices, network devices, operating systems, databases, and Web servers of Huawei, Huawei Symantec, and other major vendors, including Cisco, Juniper, and Checkpoint.
Product Features

Unified log management for various devices
- Huawei and Huawei Symantec security devices (firewalls, UTM, IPS, IDS, VPN, and DPI), BRAS devices, routers, and switches
- Security devices, routers, and switches of major vendors, for example, Cisco, Juniper, and Checkpoint
- Operating systems (Windows, Linux, and Unix), databases (SQL Server, Oracle, DB2, Sybase, and Informix), and Web servers (IIS and Apache)

Intelligent auditing technologies, which ensure security for application systems
Users can monitor security events by delivering auditing policies, based on auditing templates, for abnormal behaviors and risky operations. The system delivers association audit policies to a group of devices so that all operations between a user's login and logout are associated into one session, which can be monitored and replayed to implement effective behavior audits.

Effective user behavior monitoring, which helps identify intranet user behaviors and intrusions and attacks by extranet users
Through off-line deployment of monitoring devices, the Secospace elog restores and audits HTTP, FTP, Telnet, and database operations in real time. By interworking with Huawei Symantec UTM devices, the Secospace elog monitors applications such as AV software, blocking services, URL audits, email audits, instant messaging, stock trading, games, and P2P. It effectively tracks the behaviors of network users and monitors the behaviors of intranet users.

Precise NAT log management, which meets the requirements of judicial or other auditing departments
The Secospace elog provides NAT log management for firewalls, BRAS devices, and routers to help users with precise NAT tracking. This complies with laws and regulations and provides evidence for investigations by judicial or other auditing departments.

Customer-oriented and robust customization development, which supports high scalability and protects customer investment
Based on customers' service characteristics and requirements, the Secospace elog is rapidly customizable to provide the functions customers require or to support new device and log types. It analyzes the logs of new devices through online upgrades and provides a Web service interface (for NAT logs) that third-party programs can call.

Precise log analysis showing device running status
The Secospace elog provides the following log types: attack prevention, traffic monitoring, blacklisting, address binding, operation commands, firewall logins, packet filtering, and content filtering. It provides the following alarm types: firewall timeout, attack prevention, interface status and abnormal traffic, log levels, and keywords. These features reveal network threats.

Robust statistical analysis and multidimensional reports, which comply with laws and regulations
Through precise log analysis and statistics, the Secospace elog provides abundant reports from multiple dimensions such as time, log type, flow, security feature, user, and legal compliance. This helps users obtain network flow and attack information, understand network status, and manage logs for security and network devices. The solution outputs a series of legally compliant audit reports.

Real-time and diversified alarm responses and excellent alarm management, which allow administrators to identify threats properly
The Secospace elog provides email, short message, audio, visual, and sound alarms. It promptly detects events that match alarm policies, generates alarms, and records alarm events. The administrator can monitor and query alarms online and precisely identify threats.

Diversified log collection modes, which do not affect service systems
The Secospace elog collects logs in Syslog, SNMP Trap, OPSec, FTP/SFTP, WMI, and JDBC modes. It uses proactive acquisition to collect logs from operating systems, databases, and servers without needing an agent program.

User-friendly log query methods, which save time and improve work efficiency
The Secospace elog provides online query and task query. An online query can instantly be switched to a task query.

Complete security measures, which safeguard the system
The Secospace elog secures and verifies log data to ensure log accuracy and integrity. Through role-based access control it applies the principle of separation of powers, and it uses HTTPS, to ensure permission, access, and data transmission security.

Meeting carrier-class reliability requirements
Log collectors that adopt passive collection modes are configured in N-to-1 backup mode; if a log collector fails, switchover is supported, which prevents log loss. The Secospace elog provides a buffer mechanism to avoid data loss due to a short-term network failure. It records failures and abnormal status changes automatically, and the system restarts automatically after a failure so that normal operation is maintained. The solution also provides log backup and recovery.

High log processing performance, which meets high-speed data flow requirements
Up to 250000 EPS of flow logs can be processed on average, peaking at 300000 EPS. Up to 8000 EPS of text logs can be processed on average, with a peak of 9500 EPS. Processing performance can be improved by adding log collectors.
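The NAT tracking feature above answers the question an investigator actually brings to a log system: which internal host was behind a given public address and port at a given moment. The example below, added here and not part of the Secospace elog product or its log format, shows the core of that lookup over a constructed NAT session log; the line format, field names and addresses are all invented for illustration. It pairs open/close records into sessions, keeps never-closed sessions as still active, and uses the timestamp to disambiguate a translated port that is reused over time.

```python
import re
from datetime import datetime

# Constructed NAT session log (illustrative format, NOT a Huawei/Secospace format).
# Note that translated port 40001 is reused by a second internal host after the
# first session closes, so a lookup without a timestamp would be ambiguous.
NAT_LOG = """\
2010-01-20 10:00:01 NAT_OPEN  src=192.168.1.20:51514 nat=203.0.113.5:40001 dst=198.51.100.7:80
2010-01-20 10:00:05 NAT_OPEN  src=192.168.1.31:49200 nat=203.0.113.5:40002 dst=198.51.100.9:443
2010-01-20 10:03:20 NAT_CLOSE src=192.168.1.20:51514 nat=203.0.113.5:40001 dst=198.51.100.7:80
2010-01-20 10:05:00 NAT_OPEN  src=192.168.1.45:60010 nat=203.0.113.5:40001 dst=198.51.100.7:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<ev>NAT_OPEN|NAT_CLOSE)\s+"
    r"src=(?P<src>\S+) nat=(?P<nat>\S+) dst=(?P<dst>\S+)$"
)

def _ts(text):
    # All timestamps are assumed to be in one time zone from synchronised clocks;
    # without that, attribution by time is unreliable.
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def parse_sessions(text):
    """Pair NAT_OPEN/NAT_CLOSE records into sessions keyed by (nat, src, dst)."""
    open_sessions, sessions = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than mis-attribute them
        key = (m["nat"], m["src"], m["dst"])
        if m["ev"] == "NAT_OPEN":
            open_sessions[key] = _ts(m["ts"])
        else:
            start = open_sessions.pop(key, None)
            if start is not None:
                sessions.append({"src": m["src"], "nat": m["nat"], "dst": m["dst"],
                                 "start": start, "end": _ts(m["ts"])})
    # Sessions with no close record are still active when the log ends (end=None).
    for (nat, src, dst), start in open_sessions.items():
        sessions.append({"src": src, "nat": nat, "dst": dst, "start": start, "end": None})
    return sessions

def attribute(sessions, public_addr, when_str):
    """Internal src addresses that were mapped to public_addr at the given time."""
    when = _ts(when_str)
    return sorted(s["src"] for s in sessions
                  if s["nat"] == public_addr and s["start"] <= when
                  and (s["end"] is None or when <= s["end"]))
```

A real deployment would also key on the destination address and protocol, since a port can be shared across destinations under some NAT schemes.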

Massive log storage capability, which meets log storage requirements
The Secospace elog can connect to external disk arrays or cascaded disk arrays to support massive log storage through mature storage solutions.

Flexible deployment, which does not affect the existing network
The Secospace elog provides centralized and distributed deployment and supports flexible deployment based on the network architecture and customer requirements.

Product Specifications

The Secospace elog consists of log servers, log collectors, consoles, and probes.

[Figure: system architecture. Log sources: Firewall, UTM, Operating Systems, IDS, IPS, VPN, Router/BRAS, Switch, Databases, Web server. Components: FTP/Telnet/HTTP probe, Log Server, console.]

Component: Description
Log server: Provides audit event management, alarm management, report management, user management, and system management. Supported operating systems: Windows Server 2003 R2 Standard Edition SP2 and Windows XP Professional SP2.
Log collector: Performs log collection, classification, filtering, merging, alarms, and flow statistics. Supported operating systems: Windows Server 2003 R2 Standard Edition SP2 and Windows XP Professional SP2.
Probe: Through network flow mirroring, the probe restores HTTP, FTP, and Telnet operations, and restores, monitors, and audits Oracle, Sybase, MS SQL Server, DB2, and Informix database operations carried over HTTP, FTP, and Telnet.
Console: Accesses the Secospace elog through Microsoft Internet Explorer (6.x or above). Supported operating system: Windows XP Professional SP2.

Typical Deployment

The Secospace elog is designed with a distributed architecture and supports both centralized and distributed deployment. Through flexible deployment, the Secospace elog meets customers' deployment requirements in different network environments.

[Figure: centralized deployment and distributed deployment, each showing probes, a data center, a console, and a log server.]

Centralized deployment
Centralized deployment applies when the managed devices are centralized and the network environment is simple. The centralized deployment of log servers, log collectors, and probes meets the log management and audit requirements of security devices, network devices, hosts, and databases.

Distributed deployment
Distributed deployment applies when the managed devices are dispersed and the network environment is complex. Log collectors and probes are deployed in the dispersed device subnets that require log collection. The log collectors forward the processed logs to the log server for unified analysis and management.

The information contained in this document is for reference purposes only and does not constitute a warranty of any kind, express or implied. It is subject to change or withdrawal according to specific customer requirements and conditions. All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their respective holders. Copyright 2010 Huawei Symantec Technologies Co., Ltd. All rights reserved. Version No.: M3-110019999-20100120-V-1.0