The Extreme Networks Security Information and Event Manager (SIEM) product combines best-in-class detection methodologies with behavioral analysis and information from third-party vulnerability assessment tools to provide the industry’s most intelligent security management solution. Extreme Networks SIEM delivers actionable information to effectively manage the security posture for organizations of all sizes.
The challenge created by most threat detection systems is the volume of information they generate, which makes it difficult to determine which vulnerabilities require an immediate, high-priority response. The Extreme Networks SIEM solution addresses this challenge and provides powerful tools that enable the security operations team to proactively manage complex IT security infrastructures.
Goes beyond traditional security information and event managers and network behavioral analysis products to deliver threat management, log management, compliance reporting, and increased operational efficiency
Collects and combines network activity data, security events, logs, vulnerability data, and external threat data into a powerful management dashboard that intelligently correlates, normalizes, and prioritizes—greatly improving remediation and response times, and greatly enhancing the effectiveness of IT staff
Baselines normal network behavior by collecting, analyzing, and aggregating network flows from a broad range of networking and security appliances including JFlow, NetFlow, and SFlow records. It then discerns network traffic patterns that deviate from this norm, flagging potential attacks or vulnerabilities—anomalous behavior is captured and reported for correlation and remediation
Tracks extensive logging and trend information, and generates a broad range of reports for network security, network optimization, and regulatory compliance purposes; report templates are provided for COBIT, GLB, HIPAA, PCI, and Sarbanes-Oxley
All SIEM appliances offer High Availability (HA) functionality that ensures availability of SIEM data in the event of a hardware or network failure. HA provides automatic failover and full disk replication between a primary and secondary host. The secondary host maintains the same data as the primary host by either replicating the data on the primary host or accessing shared external storage. At regular intervals the secondary host sends a heartbeat ping to the primary host to detect hardware or network failure. If the secondary host detects a failure, it automatically assumes all responsibilities of the primary host. The Extreme Networks SIEM HA functionality is easily and cost-effectively deployed through appliances and wizards without requiring additional fault management solutions and storage options.
The Extreme Networks SIEM solution portfolio features appliances for quick and easy setup. The Extreme Networks SIEM solution complements its appliances with the Virtual Flow (VFlow) Collector. This virtual flow collector appliance enables application layer traffic monitoring and security intelligence in a virtual infrastructure. Available Extreme Networks SIEM solution components include:
SIEM Base Appliance
Flow Anomaly Processor
Network Behavioral Flow Sensors
Virtual Flow Collector
SIEM Console Manager
High Availability options