The CIO-level business angle on the latest tech
There are quite a few good security information and event management (SIEM) tools for the enterprise that capture event information from device logs, correlate the events, alert the experts who can act on troublesome activities and store millions of pieces of data for forensic analysis. Enterprise-level products are capable of handling thousands of network devices and millions of events a day. Security specialists in a company’s security operations center (SOC) monitor the SIEM on a 24/7 basis.
But what if your network is relatively small and you don’t even have a million events in a year? What if your entire IT department is only a handful of people and your company has no such thing as a SOC? Small and medium-sized companies could really benefit from a tool like SIEM—just as the big enterprises do. This is the market that TriGeo Network Security Inc. addresses with its TriGeo Security Information Manager (SIM) product.
TriGeo SIM is a SIEM appliance that has been purpose-built for companies with 5,000 or fewer employees. It sits in the center of all the other devices on your network and collects logs from these devices. The appliance does log analysis and event correlation in memory, which means the insight from this analysis is as close to real time as possible. When a security event is detected, the TriGeo SIM allows for an automated active response that can mitigate an activity that is still in progress.
Here’s an example situation from a TriGeo customer, a small local bank. At 10:00 PM, someone at the closed bank made several failed attempts to log in to the network. The TriGeo SIM pieced together the fact that there were multiple user login failures, from a single IP address, in a short amount of time, after regular business hours, and alerted the bank’s IT administrator via cell phone. He was able to connect to the network and direct the bank’s security cameras toward the location of the device with the login attempts. There sat the janitor, still trying to gain entry to the network through a desktop PC. The TriGeo SIM sent a command to disconnect the PC from the network, thereby stopping the janitor’s actions before he was able to breach the network.
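The bank scenario boils down to one correlation rule: several failed logins, from one source IP, inside a short window, outside business hours. The following is an added Python sketch of that rule, not TriGeo's own code; the log format, the business hours, the threshold and window are all assumptions, and the log lines are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, time

# Constructed sample log lines (not real TriGeo output), one event per line:
# "<ISO timestamp> <source IP> <username> <FAIL|OK>"
SAMPLE_LOG = """\
2009-03-10T14:15:00 10.1.2.7 jsmith FAIL
2009-03-10T14:15:30 10.1.2.7 jsmith FAIL
2009-03-10T14:16:00 10.1.2.7 jsmith FAIL
2009-03-10T14:16:20 10.1.2.7 jsmith OK
2009-03-10T22:00:05 10.1.4.23 jsmith FAIL
2009-03-10T22:00:19 10.1.4.23 admin FAIL
2009-03-10T22:00:41 10.1.4.23 teller1 FAIL
2009-03-10T22:01:02 10.1.4.23 manager FAIL
"""
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # assumed business hours

def parse_event(line):
    """Turn one constructed log line into a dict with a real datetime."""
    ts, ip, user, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "user": user, "result": result}

def correlate(log_text, threshold=3, window_seconds=120, after_hours_only=True):
    """Sliding-window rule: alert when `threshold` or more failed logins arrive from
    one source IP within `window_seconds`; with after_hours_only, failures during
    business hours are ignored, so the rule fires only on the night-time burst."""
    events = sorted((parse_event(ln) for ln in log_text.splitlines()), key=lambda e: e["ts"])
    recent = defaultdict(deque)  # source IP -> (timestamp, user) pairs still in the window
    alerts = []
    for ev in events:
        if ev["result"] != "FAIL":
            continue
        if after_hours_only and BUSINESS_START <= ev["ts"].time() < BUSINESS_END:
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold:
            alerts.append({
                "ip": ev["ip"], "count": len(q), "users": sorted({u for _, u in q}),
                "first": q[0][0], "last": ev["ts"],
                # Active-response decision: a deployment would map this to a
                # notification and, if configured, a host-quarantine action.
                "response": "notify admin; isolate host " + ev["ip"],
            })
            q.clear()  # one alert per burst, not one per additional failure
    return alerts
```

With the defaults, only the 10 PM burst produces an alert; setting `after_hours_only=False` also flags the daytime burst from 10.1.2.7, which is the kind of tuning decision that separates a useful rule from a noisy one.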
TriGeo SIM doesn’t require someone to monitor the console all the time. The tool allows you to leverage correlation, automated active response, and notification so you can walk away and get other work done while TriGeo watches your back. This is especially good for smaller companies with IT people who must wear numerous hats. What’s more, the correlation engine puts information into the proper context, and alerts are in plain English, so you don’t need to be a security analyst to understand the security events.
TriGeo SIM ships with over 700 correlations in the box, with more than 100 fully enabled upon installation. Many of the correlations are designed for specific businesses, for example local banks or credit unions. These correlations are unique to situations that might arise in the financial industry. TriGeo customers even share their own home-grown correlation rules through an active user community. There are more than 300 reports out of the box, with templates for all the major regulations such as HIPAA, PCI, SOX and GLBA. TriGeo has thoughtfully packaged this product to make it easy to get up and running within just a few hours.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.