
Real-Time Event Detection, Aggregation and Normalization with TriGeo SIM

Put an End to Data Overload with TriGeo

With firewalls, routers, switches, IDS, IPS, VPN, anti-virus software and servers, most organizations are simply drowning in log files (and they don't even try to monitor workstation activity). TriGeo uses an event-centric normalization and correlation process that centralizes your logs and puts everything right at your fingertips.

TriGeo's focus on real-time log and event analysis ensures that you have the critical data needed to act. When seconds count, you simply can't afford to wait for systems that depend on "polling" processes that can be minutes, even hours, behind what's happening on the network.

TriGeo uses a combination of proprietary agent technology and backbone integration to capture and correlate data from multiple layers and provide coverage from the perimeter to the endpoint.

Event Normalization Enables Real-Time Notification and Active Response

When security products detect activity, they record events in log files whose formats are unique to each manufacturer and often puzzling to decipher. Without TriGeo, administrators must manually review these raw logs, containing potentially millions of events, in the hope of finding some evidence of a problem – all long after it has occurred.

TriGeo's sophisticated event normalization engine correlates multiple events into one intelligible line of data that TriGeo can respond to in real time with automatic notification, active response, or both, depending on a set of rules that you define.

Event correlation and normalization example
View the image for an example of TriGeo's event normalization process.
