
Check Point Simplifies Event Correlation

Eventia Analyzer architecture can scale to handle millions of logs per day per correlation unit.

Your Challenge

Today's complex, multilayered security architecture consists of many devices that ensure that servers, hosts, and applications running on the network are protected from harmful activity. These devices all generate voluminous logs that are difficult and time-consuming to interpret. In a typical enterprise, an intrusion detection system can produce more than 500,000 messages per day and firewalls can generate millions of log records a day. In addition, the logged data may contain information that appears to reflect normal activity when viewed on its own but reveals evidence of abnormal events, attacks, viruses, or worms when the raw data is correlated and analyzed. Enterprises need control over, and practical value from, the deluge of data generated by network and security devices.

Our Solution

Eventia Analyzer™ provides centralized, real-time event correlation of log data from Check Point perimeter, internal, Web, and endpoint security devices - as well as third-party security devices - automatically prioritizing security events for decisive, intelligent action. By automating the aggregation and correlation of raw log data, Eventia Analyzer not only minimizes the amount of data that needs to be reviewed but also isolates and prioritizes real security threats. Viewed in isolation on a single device, these threats might go undetected; pattern anomalies appear only when data is correlated over time. With Eventia Analyzer, security teams no longer need to comb through the massive amount of data generated by the devices in their environment. Instead, they can focus their resources on the threats that pose the greatest risk to their businesses.

Scalable, Distributed Architecture

Eventia Analyzer delivers a flexible, scalable platform capable of managing millions of logs per day per correlation unit in large enterprise networks. Through its distributed architecture, Eventia Analyzer can be installed on a single server but has the flexibility to spread its processing load across multiple correlation units.

Centralized Event Correlation

Eventia Analyzer provides centralized event correlation and management for Check Point products such as Check Point Express™ CI, Check Point Integrity™, Connectra™, InterSpect™, VPN-1® Edge™, and VPN-1 Pro™ - as well as for third-party firewalls, routers, switches, intrusion detection systems, operating systems, antivirus applications, and Web servers. Raw log data is collected via secure connections from Check Point and third-party devices by Eventia Analyzer correlation units, where it is centrally aggregated, normalized, correlated, and analyzed. Data reduction and correlation functions are performed at various layers, so only significant events are reported up the hierarchy for further analysis. Log data that exceeds the parameters set in predefined event policies triggers security events. These events can be unauthorized scans targeting vulnerable hosts, unauthorized logins, denial of service attacks, network anomalies, and other host-based activity. Events are then further analyzed and severity levels are assigned. Based on the severity level, an automatic action may be triggered at this point to stop the harmful activity immediately at the gateway. As new information flows in, severity levels can be adjusted to adapt to changing conditions.

The capability of Eventia Analyzer to drill down on a specific event detects threats that other solutions might not discover.
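To make the collect-normalize-correlate-rate-respond chain concrete, here is a small Python sketch of that pipeline. It is an added illustration, not Check Point's code and not Eventia Analyzer's event-policy format: the two log formats, the correlation window, the five-port scan threshold, the severity ladder and the action names are all assumptions, and the log lines are constructed. It shows the two things the text describes: a single-device pattern that only appears over time (a port scan built from individually harmless drops) and a cross-device correlation in which an IDS alert is rated higher once the firewall confirms the source actually reached the host, and higher still when the same source was already flagged as a scanner.

```python
"""Toy event-correlation pipeline: normalize -> correlate -> rate -> respond.
Added example; formats, rules, thresholds and action names are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

WINDOW = timedelta(seconds=60)  # assumed correlation window
SCAN_PORTS = 5                  # assumed: distinct dropped ports from one source = scan
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
ACTIONS = {  # assumed response per severity; only "critical" acts at the gateway
    "critical": "block source at gateway", "high": "page on-call analyst",
    "medium": "queue for review", "low": "log only",
}

# Constructed sample logs from a firewall and an IDS (invented formats).
FIREWALL_LOGS = [
    "2024-03-01T10:00:01 fw1 drop src=10.0.0.5 dst=192.168.1.10 dport=21",
    "2024-03-01T10:00:02 fw1 drop src=10.0.0.5 dst=192.168.1.10 dport=22",
    "2024-03-01T10:00:03 fw1 drop src=10.0.0.5 dst=192.168.1.10 dport=23",
    "2024-03-01T10:00:04 fw1 drop src=10.0.0.5 dst=192.168.1.10 dport=25",
    "2024-03-01T10:00:05 fw1 drop src=10.0.0.5 dst=192.168.1.10 dport=80",
    "2024-03-01T10:00:06 fw1 accept src=10.0.0.5 dst=192.168.1.10 dport=443",
    "2024-03-01T10:00:07 fw1 drop src=10.0.0.9 dst=192.168.1.20 dport=22",
]
IDS_LOGS = [
    "2024-03-01T10:00:30 ids1 alert sig=HTTP_ATTACK_PATTERN src=10.0.0.5 dst=192.168.1.10",
    "2024-03-01T10:20:00 ids1 alert sig=HTTP_ATTACK_PATTERN src=10.0.0.77 dst=192.168.1.30",
]
FW_RE = re.compile(r"^(\S+) (\S+) (drop|accept) src=(\S+) dst=(\S+) dport=(\d+)$")
IDS_RE = re.compile(r"^(\S+) (\S+) alert sig=(\S+) src=(\S+) dst=(\S+)$")


def normalize(line):
    """Map one raw line onto a common record; None for lines we cannot parse."""
    m = FW_RE.match(line)
    if m:
        ts, dev, kind, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "device": dev, "kind": kind,
                "src": src, "dst": dst, "dport": int(dport), "sig": None}
    m = IDS_RE.match(line)
    if m:
        ts, dev, sig, src, dst = m.groups()
        return {"ts": datetime.fromisoformat(ts), "device": dev, "kind": "alert",
                "src": src, "dst": dst, "dport": None, "sig": sig}
    return None


def correlate(records):
    """Apply two rules over normalized records and return the security events."""
    records = sorted(records, key=lambda r: r["ts"])
    events, scanners = [], set()
    # Rule 1 (one device, over time): SCAN_PORTS distinct destination ports
    # dropped from one source within WINDOW -> port scan, medium severity.
    drops = defaultdict(list)
    for r in records:
        if r["kind"] == "drop":
            drops[r["src"]].append(r)
    for src, rs in drops.items():
        for i, first in enumerate(rs):
            ports = {x["dport"] for x in rs[i:] if x["ts"] - first["ts"] <= WINDOW}
            if len(ports) >= SCAN_PORTS:
                events.append({"src": src, "name": "port_scan", "severity": "medium",
                               "evidence": sorted(ports)})
                scanners.add(src)
                break
    # Rule 2 (across devices): an IDS alert is "low" on its own, "high" when the
    # firewall accepted that source to the same host within WINDOW, and
    # "critical" when rule 1 had already flagged the source as a scanner.
    accepts = [r for r in records if r["kind"] == "accept"]
    for a in (r for r in records if r["kind"] == "alert"):
        reached = any(x["src"] == a["src"] and x["dst"] == a["dst"]
                      and abs(a["ts"] - x["ts"]) <= WINDOW for x in accepts)
        severity = "low"
        if reached:
            severity = "critical" if a["src"] in scanners else "high"
        events.append({"src": a["src"], "name": "ids_alert", "severity": severity,
                       "evidence": [a["sig"]]})
    return events


def respond(events):
    """Pick one action per source from its highest-severity event."""
    worst = {}
    for e in events:
        cur = worst.get(e["src"])
        if cur is None or SEVERITY_RANK[e["severity"]] > SEVERITY_RANK[cur]:
            worst[e["src"]] = e["severity"]
    return {src: ACTIONS[sev] for src, sev in worst.items()}


def run(fw_logs=FIREWALL_LOGS, ids_logs=IDS_LOGS):
    """Whole pipeline on the constructed logs; returns (events, action per source)."""
    records = [normalize(line) for line in fw_logs + ids_logs]
    events = correlate([r for r in records if r is not None])
    return events, respond(events)
```

Calling `run()` yields three events (a medium port scan and a critical IDS alert for 10.0.0.5, a low IDS alert for 10.0.0.77) and two actions: a gateway block for 10.0.0.5 and "log only" for 10.0.0.77. Removing the single `accept` line from the firewall input drops the 10.0.0.5 alert back to "low", which is the "severity adjusts as new information flows in" behaviour in miniature. A real correlation unit would do the same work on a stream rather than a list and would carry each event's evidence forward for the drill-down the text mentions.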

Easy Deployment

Eventia Analyzer provides a large number of predefined, but easily customizable, security events for quick deployment. Customers can also define their own events, using a wizard or a predefined event as a starting point, to fine-tune the system to their particular needs. Its tight integration with SmartCenter™ and Provider-1® allows it to interface with existing SmartCenter log servers, eliminating the need to configure each device log server separately for log collection and analysis. All objects defined in SmartCenter are automatically accessed and used by the Eventia Analyzer server for event policy definition and enforcement. In addition, tight integration between SmartCenter and Eventia Analyzer enables Eventia Analyzer to learn the network's topology automatically and detect correlated events that depend on topological parameters.

Easy Maintenance

Once installed on the network, Eventia Analyzer has a learning mode in which it automatically "learns" the normal activity pattern for a given site and suggests policy changes to help administrators fine-tune the system. Easy-to-use event wizards give users greater flexibility in customizing events to suit their particular environments. The ease of installation and maintenance lets customers leverage existing IT/security staff.
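The idea behind a learning mode is that an event threshold should come from the site's own quiet-period data rather than from a fixed number. The Python sketch below is an added illustration of that idea, not Eventia Analyzer's actual learning heuristics: the "mean plus k standard deviations" rule, the event names, the per-hour counts and the post-learning observations are all constructed assumptions. It derives a suggested threshold per event type from training counts, packages the result as the policy change an administrator would be asked to confirm, and then applies the learned threshold to new observations.

```python
"""Learning-mode sketch: derive site-specific thresholds from quiet-period data.
Added example; the mean + k*sd rule and all numbers are assumptions."""
import math
import statistics

# Constructed training data: per-hour counts observed while the site was quiet.
HISTORY = {
    "failed_logins_per_hour": [3, 5, 4, 6, 2, 5, 4, 3, 7, 4, 5, 3, 4, 6],
    "dropped_connections_per_hour": [120, 135, 128, 140, 122, 131, 126, 138],
}
# Constructed observations after learning mode ends: (hour, failed logins).
NEW_OBSERVATIONS = [("09:00", 4), ("10:00", 6), ("11:00", 41), ("12:00", 9)]


def learn_threshold(counts, k=3.0):
    """Suggest a threshold of mean + k standard deviations, rounded up.

    k is an assumed tuning knob: higher values mean fewer, louder events.
    """
    if len(counts) < 2:
        raise ValueError("need at least two samples to estimate spread")
    return math.ceil(statistics.fmean(counts) + k * statistics.stdev(counts))


def suggest_policy(history, k=3.0):
    """Map each event type to the threshold an administrator would be asked to confirm."""
    return {name: learn_threshold(counts, k) for name, counts in history.items()}


def describe(history, k=3.0):
    """Human-readable basis for each suggestion (mean and spread that produced it)."""
    return {name: f"mean {statistics.fmean(c):.2f}, sd {statistics.stdev(c):.2f}, "
                  f"suggested threshold {learn_threshold(c, k)}"
            for name, c in history.items()}


def evaluate(observations, threshold):
    """Return the (hour, count) pairs that exceed a learned threshold."""
    return [(hour, c) for hour, c in observations if c > threshold]
```

On the constructed history the suggested thresholds are 9 failed logins per hour and 152 dropped connections per hour; a site whose quiet-period failed-login rate is ten times higher gets a correspondingly higher suggestion, which is the point of learning per site. Applying the failed-login threshold to `NEW_OBSERVATIONS` flags only the 11:00 hour (41 failures); the 12:00 hour sits exactly at the threshold and is not flagged, which is why the comparison is strict.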

Real-Time Threat Analysis and Protection

Based on pattern anomalies and previous data, Eventia Analyzer performs real-time event correlation. By weeding out irrelevant data and by correlating data among multiple devices, Eventia Analyzer can zero in on threats that pose the greatest risks to enterprises. Eventia Analyzer can enforce automatic actions on Check Point gateways against critical threats, for real-time, dynamic threat mitigation.