Event Correlation - The Heart of SIM
The ability to perform real-time event analysis and correlation is the single most
important feature to evaluate when considering a security information management system.
The millions of events flowing through management consoles would be virtually useless if it weren't for
for the analysis and correlation used to identify, notify and respond to suspicious behavior, malicious activity
and policy violations.
Consider these critical factors when evaluating event correlation products
Powerful Rule Builder
While TriGeo ships with over 500 pre-built correlations, even the most powerful correlation engine would be useless
if it was difficult to build rules and tune them to your specific environment. TriGeo's rule builder
employs a patent-pending graphical interface that was designed so that anyone can use it.
The accompanying demonstration shows a simple rule being constructed in under 60 seconds.
This specific example illustrates the ease with which TriGeo can examine an event, looking for discrete properties,
and take a specific action.
In this case, we detect that someone has launched Solitaire, and immediately terminate the application. Naturally,
far more elaborate correlations are possible, but this illustrates the tremendous ease with which they can
be built - you won't find anything like it, anywhere on the market!
TriGeo recognized that few organizations have the luxury of full-time security teams, and designed the rule builder
so that front-line IT personnel could quickly and efficiently build rules that make their lives easier. Naturally,
these include security-focused rules, but it's common to build rules that address the daily headaches of issues like
account lockouts.
TriGeo has hundreds of prebuilt correlation filters and rules
that are as easy to use as LEGOs.
- Scott Sidel
Information Security Magazine
TriGeo's EPIC Technology
TriGeo's event correlation, known as EPIC (Effective Policy through Intelligent Correlation), is patent-pending
technology designed specifically for high-performance, real-time analysis and multi-dimensional correlation.
TriGeo is the only SIM product on the market using 64-bit, in-memory technology to deliver multiple-event,
field-level, non-linear correlation.
Performance is maximized because TriGeo's correlation engine isn't based on database technology - there is no
bottleneck associated with database insertion or query speeds.
What does this mean to your organization?
That only TriGeo was built to perform complex correlations in real-time.
TriGeo Event Correlation Highlights:
- Real-Time Event Analysis
- In-Memory Processing
- Multiple-Event Correlation
- Non-Linear Correlation
- Environmental Awareness
- Intuitive Graphical Interface
- Arsenal of Active Responses