SIEM (Sentinel)

– Security Information and Event Management –

Managing a distributed, heterogeneous IT security environment with conventional point tools is a tall order. Everything—including servers, databases, applications, firewalls, routers, switches, and intrusion detection and prevention systems—produces a flood of data that you must aggregate and analyze to get a clear picture of your organization’s security and compliance health.

Sentinel replaces these labor-intensive manual processes with automated, continuous monitoring of security and compliance events and IT controls. Sentinel correlates and analyzes security and compliance events from all data sources in your environment to help you identify security events in real time and respond quickly. Automated incident response management enables you to document and formalize the process of tracking, escalating and responding to incidents and policy violations, and provides two-way integration with trouble-ticketing systems. Sentinel enables you to react promptly, resolve incidents efficiently and prove to auditors that your IT controls work as required.

Automated Security and Compliance Management Across the Enterprise

With Sentinel, you get:

  • Integrated, automated real-time security management and compliance monitoring across all systems and networks
  • A framework that enables business policies to drive IT policy and action
  • Automatic documenting and reporting of security, systems and access events across the enterprise
  • Built-in incident management and remediation
  • The ability to demonstrate and monitor compliance with internal policies and government regulations such as Sarbanes-Oxley, HIPAA, GLBA, FISMA and others

Order from Chaos

Intrusion prevention and detection systems, firewalls, antivirus applications, switches and routers generate reams of data all the time. But what if your firewall indicates an urgent problem while your IDS is strangely silent? Which is correct? How do you respond?
Sentinel correlates the pertinent data and applies the appropriate event taxonomy and business relevance to the data—alerting you when an incident requires attention. You will reduce false positives and be able to focus your resources where they’re most needed.

Complete security metrics and compliance reporting

Sentinel Reports™ provides a complete and fully automated solution for visualizing the enterprise security environment, documenting regulatory compliance and efficiently managing operational risk.

With Sentinel Reports you can:

  • Demonstrate that you continuously monitor your critical IT assets and that security and compliance incidents are identified and resolved
  • Gain the insight you need to effectively monitor, measure and improve your security posture
  • Discover trends and anomalies you can’t detect manually

Sentinel Reports enables you to track and report all security-related activity—including user activities, incidents and policy violations—on assets affected by Sarbanes-Oxley, HIPAA, FISMA, PCI and other regulations. Sentinel Reports includes a comprehensive set of out-of-the-box reports and dashboards, which you can easily configure to meet your organization’s specific requirements—or you can create your own reports using industry-standard report builders.

How It Works

Using built-in business rules that you can easily configure to reflect your organization’s policies and best practices, you can monitor and track the status of violations and remediation actions. You can quickly identify new trends or attacks, manipulate and interact with real-time graphical information, and drill down into historical details from seconds to hours in the past. What’s more, the message-bus-based architecture in Sentinel enables easy integration with Novell Identity Manager and other identity, security and access management solutions. Sentinel also uses in-memory correlation to reduce the load on your database and speed the delivery of critical event data.

Collectors gather data from source devices via many connection methods including syslog, ODBC, JDBC, OPSEC, SSL, SNMP, HTTP, HTTPS and more. With the flexible collector technology in Sentinel, you can collect events and information from numerous devices, systems and applications. You can also develop collectors for virtually any data source, custom or proprietary. Sentinel is compatible with Windows, UNIX, Solaris and Linux platforms. It can connect to any device that communicates through SNMP, ODBC and other standard protocols.

Are you considering Novell SIEM™ software for your organization? Let the Kifinti Solutions expert team help you. We can leverage our many successful implementations to help make your project a success. Ask about a free product evaluation.