Symantec
→ Volume License-
Business →
SER for IBM
|
|
|
Symantec Event Relay for IBM
|
▫ Request A
Quote
▫ Symantec Authorized Reseller |
▫ Free Software Consulting: 888-275-8850
▫ Lowest Volume License Price Guarantee |
|
|
An incident is an event or condition
that requires a response and closure. Active attacks or virus outbreaks
are incidents that are usually comprised of one or more events. Known
system vulnerabilities or discovered policy violations should also be
treated as incidents that require a response. However, the challenge is
sorting through the millions of events to find the incidents in time to
take action. For enterprise customers with large networks yielding
massive amounts of security events on a daily basis, there is a greater
need for a real-time aggregated and correlated view of security data
across network tiers and security technologies. Symantec Incident
Manager provides open, real-time incident management that helps
enterprises maximize the value of their security technologies, and
identify and respond rapidly to security breaches.
Symantec Incident Manager identifies, consolidates and correlates
security events from multiple point products and security technologies
from a variety of vendors. Symantec Incident Manager analyzes and
correlates events to identify incidents, then tracks the resolution of
each one to closure. It also allows for the customized setting of
incident priorities based on the severity of the impact to business and
dynamically adjusts those priorities through each incident's lifecycle.
Symantec Incident Manager also employs a powerful risk analysis engine
that determines the impact of each incident based on the relative
confidentiality, integrity and availability rating of each asset in the
system. The risk analysis engine takes into account what actions have
been taken to resolve an incident and dynamically balances the priority
of each incident compared to all open incidents. This allows staff to
focus resources on resolving the most critical incidents first.
Symantec Incident Manager issues alerts and notifications throughout the
lifecycle of an incident. It notifies security personnel when an
incident is first detected and constantly monitors the progress being
made to resolve each incident. It issues alerts in advance of
Security-Level Agreement (SLA) deadlines, implemented by many
organizations, which require a response for each of these phases within
a specified time. This is an invaluable resource for both meeting audit
requirements and improving response procedures. Further, Symantec
Incident Manager is backed by Symantec Security Response, which
describes known vulnerabilities and serves as a reference to guide staff
as they identify and resolve incidents. This valuable intellectual
property includes a comprehensive database of new signatures,
vulnerabilities, safeguards and response guidance, and is regularly
updated from the largest and most comprehensive collection of security
intelligence available. Symantec is also creating third-party relays so
that information can flow easily from the Symantec Security Management
System to other network and system management products.
The Event Relay forwards events from the Symantec Enterprise Security
Architecture to the IBM Tivoli Risk Manager.
|
More Information:
Symantec
Event Relay for IBM Tivioli Risk Manager |
|
