This article can also be found in the Premium Editorial Download "Information Security magazine: With SSL VPNs on the offense, will IPSec VPNs eventually be benched?."
Device support isn't as broad as some enterprise-level SIMs: about 100, with a hefty Cisco representation. We used the appliance to monitor events from Juniper's NetScreen firewalls, Snort IDS sensors, Cisco routers and switches, Norton Anti-Virus CE software, and Windows and Linux workstations.
Event storage capacity runs from 73GB to 3x73GB RAID5 arrays, depending on purchase level. The Data Warehouse function can support additional storage to a second database (MS SQL Server).
The live console dashboard is very good, giving security managers easy access to alerts and agent status, with the ability to drill down for detail. The Crystal Reports are acceptable, but the out-of-the-box reports are static: unlike the live dashboard, you can't review these reports' graphical data in real time or drill down for more detail to investigate interesting patterns. This can be remedied with a third-party tool.
With its ease of use and automated remediation features, TriGeo SIM is a sensible option for organizations that don't quite need the muscle--or the cost--of a large enterprise product.
This was first published in May 2005