This article can also be found in the Premium Editorial Download "Information Security magazine: With SSL VPNs on the offense, will IPSec VPNs eventually be benched?."
TriGeo Network Security's TriGeo Security Information Manager 3.0
TriGeo Network Security
Price: Starts at $19,820
Turning data from multiple network and security devices into actionable information isn't just a headache for Fortune 1000 companies--SMBs with limited staff need to know quickly when their networks are threatened.
TriGeo Network Security's TriGeo Security Information Manager (TriGeo SIM) 3.0 fills this niche as a highly flexible, easy-to-manage appliance that's designed to support 50 to 5,000 active devices.
It also adds automated remediation, a plus for any organization. TriGeo SIM can issue policy-based commands to block IP addresses and ports, and shut down or reboot users through Cisco Systems, Check Point Software Technologies, Juniper Networks, WatchGuard Technologies, SonicWALL, TopLayer Networks and Fortinet devices.
Like other SIMs, the appliance gathers data--typically logs--from devices and applications via agents or remote logging from firewalls, routers and switches. Data is normalized and processed by the policy engine, which initiates remediation action and/or an alert via e-mail, SMS, pagers and handheld devices.
The sweet spot for TriGeo, though, is its interface and management. TriGeo has hundreds of prebuilt correlation filters and rules that are as easy to use as LEGOs.
You can create filters based on alert types, and then operate the filters based on any of the data contained within the alert. For example, you can create a "VPN Alerts" tab that can be used to show only the alerts from a Cisco VPN Concentrator. Other custom filters might show modifications to user accounts or changes to domain properties.
The appliance ships with more than 500 predefined rules. For example, change management rules can identify when users, groups, domains or policies are manipulated. Rules can apply to a specific group of devices, be time-dependent and have easily modifiable thresholds. One drawback is the lack of directory support; users and groups have to be manually created.
This was first published in May 2005