SIEM (Security Information and Event Management)
Security teams need to discover unknown threats hidden inside the vast amounts of data generated in logs. They also need to know when system activity doesn’t match normal business patterns. Tripwire Log Center supplies this log intelligence with advanced correlation, visualization, and trend analysis of log data for early indicators of potentially unauthorized activity.
Log and security event data together can significantly improve security by identifying critical threats before the damage is done—but only if the data is analyzed in the context of other security data and risk to the business. Tripwire® Log Center® provides these capabilities with an easy-to-use, flexible and affordable log intelligence solution.
When integrated with additional Tripwire security solutions, Tripwire Log Center provides even greater intelligence by combining context of suspicious events to change and configuration data from Tripwire Enterprise, vulnerability data from Tripwire IP360, business context from the Tripwire Asset View, and user context from Active Directory. Tripwire Enterprise analyzes system configurations for weaknesses and hardens weak configurations, detects all system changes, shows which changes threaten security, and provides additional details about those changes. Tripwire IP360 helps you determine if a device that may be a target of an attack has any vulnerabilities, like an out-of-date patch, and react accordingly.
By adding Tripwire Log Center’s correlation analytics to these industry-leading security solutions, you see the relationships between suspicious events, system changes, weak configurations and current vulnerabilities. That rich combination of information lets you better identify risk and prioritize your security efforts. For those using the SANS Top 20 as a security framework, Tripwire lets you protect critical infrastructure by correlating data and providing context from the first 4 controls.
Powerful Security Correlation
Easily identify risk and prioritize security efforts with advanced correlation capabilities. Take it a step further: combine Tripwire Log Center with Tripwire Enterprise to provide visibility into the configuration status of systems and detect suspicious events, enabling security context and prioritization.
Real-time Incident Detection
Early incident detection and threat management demand instant knowledge of threats and security risk. View real-time user access and system activity information in customizable security dashboards, and drill down to get the detail you need. Send real-time alerts when a series of events threatens security. Automatically monitor systems to detect unusual patterns that may indicate a breach.
Business and User Context
Use the context of user groups, roles and other attributes that already exist in your Active Directory environment to accurately detect suspicious activities. Integrate with Tripwire Enterprise Asset View to classify your assets using tags based on their criticality, risk and impact to your business. By incorporating this user and business context into your correlation rules and security dashboards, you can more easily detect anomalous user behaviors and determine whether a series of events related to a user indicates a security incident in progress.
Forensic Investigations and Compliance Reports
Obtain complete and accurate information for security forensic investigations and compliance reports. All logs and events are classified using a standards-based language so you can easily search across all devices and platforms and obtain more comprehensive results. With these results, you can quickly identify root cause to fix vulnerabilities, respond to minimize damage, and produce compliance reports.
Systems, devices and other IT assets in your infrastructure all use different language to describe their activity in logs. Event Classification in Tripwire Log Center uses a common, standards-based language to simplify querying log data across all platforms and devices while yielding more comprehensive, accurate results.
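As an added illustration of the event classification described here and of the user and business context from the earlier section (example code, not Tripwire's own): a small Python normalizer maps a Linux sshd syslog line and a simplified Windows logon event onto one common schema, then a correlation rule flags a successful logon that follows repeated failures and ranks it using constructed asset criticality tags and group membership. The log lines, tag table, group table and the threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample logs from two platforms (not real captures): Linux sshd syslog
# lines and a simplified Windows security event (4625 = failed logon, 4624 = success).
RAW_LOGS = [
    "Mar 3 10:01:05 db01 sshd[812]: Failed password for alice from 10.0.0.5 port 5011 ssh2",
    "Mar 3 10:01:09 db01 sshd[812]: Failed password for alice from 10.0.0.5 port 5012 ssh2",
    "Mar 3 10:01:14 db01 sshd[812]: Failed password for alice from 10.0.0.5 port 5013 ssh2",
    "Mar 3 10:01:20 db01 sshd[815]: Accepted password for alice from 10.0.0.5 port 5014 ssh2",
    "EventID=4625 Computer=WS07 TargetUserName=bob IpAddress=10.0.0.9",
    "EventID=4624 Computer=WS07 TargetUserName=bob IpAddress=10.0.0.9",
]

# Hypothetical business and user context that a correlation engine would pull from an
# asset inventory and a directory: host criticality tags and group membership.
ASSET_TAGS = {"db01": "critical", "WS07": "low"}
USER_GROUPS = {"alice": {"Domain Admins"}, "bob": {"Staff"}}

SSHD = re.compile(r"^\S+ \d+ \S+ (?P<host>\S+) sshd\[\d+\]: (?P<res>Failed|Accepted) "
                  r"password for (?P<user>\S+) from (?P<src>\S+)")
WINLOG = re.compile(r"^EventID=(?P<id>\d+) Computer=(?P<host>\S+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)")

def classify(line):
    """Map a raw, platform-specific line onto one common authentication event schema."""
    m = SSHD.match(line)
    if m:
        return {"category": "auth", "outcome": "success" if m["res"] == "Accepted" else "failure",
                "host": m["host"], "user": m["user"], "src": m["src"]}
    m = WINLOG.match(line)
    if m:
        return {"category": "auth", "outcome": "success" if m["id"] == "4624" else "failure",
                "host": m["host"], "user": m["user"], "src": m["src"]}
    return None  # unclassified lines would be retained raw, but are not correlated here

def correlate(lines, threshold=3):
    """Flag a success that follows at least `threshold` failures for the same user on the
    same host, then rank it with asset criticality and directory group context."""
    failures = defaultdict(int)
    alerts = []
    for ev in filter(None, map(classify, lines)):
        key = (ev["host"], ev["user"])
        if ev["outcome"] == "failure":
            failures[key] += 1
            continue
        if failures[key] >= threshold:
            privileged = "Domain Admins" in USER_GROUPS.get(ev["user"], set())
            critical = ASSET_TAGS.get(ev["host"]) == "critical"
            alerts.append({**ev, "prior_failures": failures[key],
                           "priority": "high" if privileged or critical else "medium"})
        failures[key] = 0  # a success resets the failure counter for that user/host
    return alerts
```

Because both platforms normalize to the same `category`/`outcome` fields, the single correlation rule covers sshd and Windows events alike; only alice's sequence on the critical host crosses the threshold.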
Aggregate logs from security controls and forward raw log data to enterprise-wide third-party SIEMs and GRC tools. Autonomously analyze logs and conduct security forensic investigations. Meet requirements to collect, manage and retain all logs while sharing information with other security solutions.