Real Time Event Correlation and Analysis
ThreatVision provides a state-of-the-art
correlation and analysis engine that filters out irrelevant
data and keeps only the relevant information, providing
threat alerts without data overload. The ThreatVision
solution can correlate security events across
a variety of security devices and their alert formats,
including Check Point, Cisco, ISS, Nokia, Snort and
SonicWall. Real-time event aggregation, correlation and
analysis enable administrators to gather intelligence
across multiple devices and quickly spot abnormal behavior.
This reduces the effort required of security analysts
to identify threats, giving them time for more sophisticated
intrusion investigation and policy management.
Unique Abnormal Behavior Detection
Abnormal behavior detection is a new
frontier in the threat management solution space. ThreatVision
profiles a customer network to build a security 'baseline'
and flags any behavior that does not conform to the
known 'good' behavior. Deviation from the 'baseline'
is continually tracked by the ThreatVision Analysis
and Correlation Engine (ACE) to detect an attack or
misuse. Examples include detection of excessive use
on port 80 or detection of use at unusual hours. The
benefit of this approach is that it can detect anomalies
without having to understand the underlying cause behind
them. It also provides detection when a signature-based
IDS misses a new type of attack.
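The following is an added example, not ThreatVision code and not a description of how ACE works internally: it shows one simple way a learned baseline can flag the two cases named above, excessive use on port 80 and use at unusual hours. The event tuple layout, function names, sample data and the 3-sigma threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (day, hour_of_day, dst_port, connections_in_that_hour).
# Five "known good" days of port 80 traffic during business hours (08:00-17:59).
BASELINE_EVENTS = [
    (day, hour, 80, 100 + 5 * ((day + hour) % 3))
    for day in range(5)
    for hour in range(8, 18)
]


def build_baseline(events):
    """Learn, per port, which hours normally see traffic and the typical hourly volume."""
    counts = defaultdict(list)
    hours = defaultdict(set)
    for _day, hour, port, count in events:
        counts[port].append(count)
        hours[port].add(hour)
    return {
        port: {"hours": hours[port], "mean": mean(c), "std": pstdev(c)}
        for port, c in counts.items()
    }


def check_event(baseline, event, k=3.0, min_std=1.0):
    """Return the reasons an event deviates from the baseline (empty list = normal)."""
    _day, hour, port, count = event
    profile = baseline.get(port)
    if profile is None:
        return ["port never seen in baseline"]
    reasons = []
    if hour not in profile["hours"]:
        reasons.append("use at unusual hour")
    # min_std keeps a perfectly flat baseline from flagging tiny fluctuations.
    limit = profile["mean"] + k * max(profile["std"], min_std)
    if count > limit:
        reasons.append("excessive use")
    return reasons


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    # Constructed events from a later day, checked against the learned baseline.
    for ev in [(5, 10, 80, 104), (5, 11, 80, 400), (5, 3, 80, 90), (5, 3, 80, 400)]:
        print(ev, check_event(baseline, ev) or "normal")
```

Neither check needs to know why the traffic changed, which is the property the paragraph above describes; the cost is that the baseline must be learned from a period that is actually free of misuse.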
Increased Accuracy with Profiling Templates
The attack threshold templates included
with the system were developed in live customer environments
across hundreds of security devices. This proven
model enables rapid tuning of the ThreatVision
solution and helps reduce false positives.
Customizable Agent
Since each network has unique data
collection policies and procedures, ThreatVision has
built an extremely flexible and user-friendly customizable
agent interface. With the customizable agent, a wide variety
of security and network devices can be integrated into
the ThreatVision infrastructure.
Filtering
ThreatVision allows the user
to set conditions by which data will be filtered,
which helps to reduce large volumes of unwanted data.
Real time Console View
The ThreatVision Management Console
provides a unique unified view of the security events
across the enterprise.
Rapid Deployment
Deploying ThreatVision does
not require special hardware sensors or software
to be loaded on customer systems. Implementation
requires a simple configuration change on the security
devices.
ThreatVision Supported Applications and Platforms