Real-Time Event Detection, Aggregation and Normalization
Log File Life Preserver
With firewalls, routers, switches, IDS, IPS, VPN, anti-virus software and servers, most organizations are simply drowning in log files (and they don't even try to monitor workstation activity). Put an end to data overload once and for all with TriGeo SIM. TriGeo uses an event-centric normalization and correlation process that centralizes your logs and puts everything right at your fingertips.
TriGeo's focus on real-time data ensures that you have the critical data needed to act.
When seconds count, you simply can't afford to wait for systems that depend on "polling" processes to gather statistical data like NetFlow. TriGeo uses a combination of proprietary agent technology and backbone integration to capture and correlate data from multiple layers and provide coverage from the perimeter to the endpoint.
Event Normalization
When your existing security products recognize an event, such as a port scan, they each produce alerts and log files in unique formats that are sometimes puzzling to decipher. Without TriGeo, an administrator would have to review multiple logs after the fact to determine that a scan had taken place. With TriGeo, these multiple events are correlated into one intelligible line of data that TriGeo can respond to in real time with automatic notification and/or active response, depending on a set of rules that you define. View the image for an example of TriGeo's event normalization process.
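As an added illustration of the normalization and correlation step described above (example code written for this page, not TriGeo's own; both log formats, sensor names and all addresses are constructed), this Python script maps lines from two invented sensors onto one common schema, collapses them into a single port-scan record, and picks a response by a simple rule:

```python
import re
from collections import defaultdict

# Constructed sample lines in two invented vendor formats: a firewall logging
# each denied connection, and an IDS emitting one scan alert for the same source.
FIREWALL_LOG = [
    "2024-03-01T10:00:01Z FW01 DENY TCP 203.0.113.5:51000 -> 192.0.2.10:22",
    "2024-03-01T10:00:02Z FW01 DENY TCP 203.0.113.5:51001 -> 192.0.2.10:23",
    "2024-03-01T10:00:02Z FW01 DENY TCP 203.0.113.5:51002 -> 192.0.2.10:80",
]
IDS_LOG = [
    "[**] [1:2000:1] PORTSCAN detected [**] 03/01-10:00:03 203.0.113.5 -> 192.0.2.10",
]

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FW_RE = re.compile(rf"^\S+ (\S+) DENY \S+ {IP}:\d+ -> {IP}:(\d+)$")
IDS_RE = re.compile(rf"^\[\*\*\] \[\S+\] (.+?) \[\*\*\] \S+ {IP} -> {IP}$")

def normalize_firewall(line):
    # One firewall line -> common schema; None if the line does not parse.
    m = FW_RE.match(line)
    if not m:
        return None
    sensor, src, dst, dport = m.groups()
    return {"sensor": sensor, "event": "blocked_connection", "src": src, "dst": dst, "dport": int(dport)}

def normalize_ids(line):
    # One IDS alert -> the same schema, classifying the free-text message.
    m = IDS_RE.match(line)
    if not m:
        return None
    msg, src, dst = m.groups()
    event = "port_scan" if "PORTSCAN" in msg.upper() else "ids_alert"
    return {"sensor": "IDS01", "event": event, "src": src, "dst": dst, "dport": None}

def correlate(events, min_ports=3):
    """Collapse events per (src, dst) into one record; 'notify' if two sensors agree, else 'log'."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["src"], e["dst"])].append(e)
    findings = []
    for (src, dst), evs in groups.items():
        ports = sorted({e["dport"] for e in evs if e["dport"] is not None})
        sensors = sorted({e["sensor"] for e in evs})
        if any(e["event"] == "port_scan" for e in evs) or len(ports) >= min_ports:
            findings.append({"event": "port_scan", "src": src, "dst": dst, "ports": ports,
                             "sensors": sensors, "action": "notify" if len(sensors) > 1 else "log"})
    return findings

def run_demo():
    parsed = [normalize_firewall(l) for l in FIREWALL_LOG] + [normalize_ids(l) for l in IDS_LOG]
    return correlate([e for e in parsed if e is not None])
```

Adding a third sensor format only requires another `normalize_*` function that emits the same schema; the correlation and response rule stay unchanged.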
