Products
Splunk Enterprise
Splunk Enterprise monitors and analyzes machine data from any source to deliver Operational Intelligence to optimize your IT, security and business performance. With intuitive analysis features, machine learning, packaged applications and open APIs, Splunk Enterprise is a flexible platform that scales from focused use cases to an enterprise-wide analytics backbone.
- Collects and indexes log and machine data from any source
- Powerful search, analysis and visualization capabilities empower users of all types
- Apps provide solutions for security, IT ops, business analysis and more
- Enables visibility across on premise, cloud and hybrid environments
- Delivers the scale, security and availability to suit any organization
- Available as software or as a cloud service
RSA NetWitness
Prevent business disruption, safeguard intellectual property and protect shareholder value with RSA NetWitness Suite. CISOs across industries depend on our comprehensive, U.S.-government accredited advanced threat detection and cyber incident response solutions to:
- See data across the modern enterprise, whether on-premises, virtualized, or in the cloud.
- Empower analysts to be more productive, and resolve threats better and faster.
- Integrate with risk management processes and tools to deliver Business-Driven Security.
Benefits:
- Provides unmatched visibility into cyber threats lurking across an organization’s entire IT environment, from on-premise to virtual and cloud.
- Brings best practices and industry standards from NIST, US-CERT, SANS and VERIS to security operations centers; ensures response processes comply with corporate policies and regulatory requirements.
- Slashes the number of incidents to investigate while yielding more accurate alerts, minimizing false positives, and eliminating the “noise” stemming from traditional security monitoring systems.
Tripwire
Tripwire provides the most comprehensive file integrity solution for the largest enterprises. Years have been spent honing Tripwire's ability to detect and judge change and prioritize security risks with integrations that provide high value, low volume change alerts. Tripwire delivers a robust file integrity monitoring (FIM) solution, able to monitor detailed system integrity: files, directories, registries, configuration parameters, DLLs, ports, services, protocols, etc. Our enterprise integrations provide granular endpoint intelligence that supports threat detection and policy and audit compliance. With Tripwire you get continual assurance of the integrity of security configurations and complete control of all change to your IT environment.
Reduce your attack surface with proactive configuration hardening based on compliance requirements. Reduce audit preparation time and cost, with audit-ready reporting and proof of compliance. Tripwire has the largest and broadest library of supported policies and platforms with over 800 policies, and covers an array of platform OS versions and devices. Tripwire Enterprise is frequently updated to ensure you always have the coverage you need.
CyberArk
The CyberArk Privileged Account Security Solution is an entire account management platform that combines a password vault with strong controls and real-time threat detection. It provides solid privileged account management and security.
The tool is built with the foundation of a secure vault and master policy with several modules, such as the Enterprise Password Vault, SSH Key Manager, Privileged Session Manager and Application Identity Manager, among others loaded onto the platform. The final layer is a privileged threat analytics engine that uses behavior-based analytics to determine unauthorized access in real-time.
This solution is a software install onto a server that is either virtual or physical. The vault installs separately and is recommended to be on a physical server. After install, all management is done through an intuitive web-based management console and it can integrate directly with Active Directory to pull in users, groups and systems to be managed. From the user side, the web-based user interface is simple and easy to navigate. Users' most employed connections are prominently displayed in a favorites view when the user first logs in. All sessions are easily launched using native applications, such as the Microsoft Remote Desktop Client or by using RemoteApp.
Blue Coat
Blue Coat empowers enterprises to safely and quickly choose the best applications, services, devices, data sources, and content the world has to offer, so they can create, communicate, collaborate, innovate, execute, compete, and win in their markets.
By using Blue Coat’s proxy architecture, enterprises get the highest level of web security possible, and an ideal environment for integration with the latest advanced threat protections from across the industry. ProxySG works seamlessly with the best-of-breed technologies, including dual anti-malware engines from a variety of vendors, the latest blacklist and whitelist engines, static code analysis and sandbox brokering found in our Content Analysis System. This empowers your organization to take advantage of many third party security technologies in an actionable way, versus being traditionally deployed as passive inspection technologies.
McAfee ePO
ePO stands for ePolicy Orchestrator, an integrated security software program designed to integrate the numerous security programs used by companies. McAfee ePO is created to provide real-time monitoring of security programs by providing an interactive single console that allows the user to configure each security program. McAfee ePO is security management technology that improves protection and reduces the threats corporations face. McAfee ePO makes it easier to protect entire networks, providing the ability to integrate services such as Web browsing and email across your organization.
McAfee ePO offers a web-based console that can be accessed from any computer, which eliminates the need to install the software on multiple computers. Because McAfee ePO is web-based, the dashboard opens in a browser, reports are created and accessed easily, and users can customize the dashboard according to need. Managing systems is easier as McAfee ePO improves the usability of directories through synchronization. Automate and create actionable reports as well as export to the required formats for distribution and ease of access. McAfee ePO makes it easier to update security policies and stay in touch with the ongoing security changes.
Guardium
IBM® Security Guardium is a comprehensive data security platform that provides a full range of capabilities – from discovery and classification of sensitive data to vulnerability assessment to data and file activity monitoring to masking, encryption, blocking, alerting and quarantining to protect sensitive data.
Guardium helps secure sensitive data across a full range of environments – from databases to big data, cloud, file systems and more. Guardium also provides automated analysis to quickly uncover internal and external risks to sensitive data. The solution also easily adapts to changes in your IT environment – whether that includes adding new users, requiring more scalability, or adding new technologies.
- Discover and classify sensitive data – and uncover compliance risks – automatically
- Know who is accessing data, spot anomalies, and stop data loss with data activity monitoring across files, databases, Hadoop distributions, NoSQL platforms, and more
- Analyze data usage patterns to rapidly uncover and remediate risks with advanced, automated analytics and machine learning such as outlier detection
- Shield the business from liability with automated data compliance and extensive audit capabilities for data at rest and data in motion
- Protect critical data through encryption, masking, redaction, and dynamic blocking and alerting
- Support your entire data protection journey – from compliance to end-to-end data protection with the same infrastructure and approach
- Reduce costs and improve results using a single data protection infrastructure for your entire environment
HiPAM – Hitachi ID Privileged Access Manager
Privileged Access Manager secures access to elevated privileges. It eliminates shared and static passwords to privileged accounts. It enforces strong authentication and reliable authorization prior to granting access. User access is logged, creating strong accountability. Privileged Access Manager secures access at scale, supporting over a million password changes daily and access by thousands of authorized users. It is designed for reliability, to ensure continuous access to shared accounts and security groups, even in the event of a site-wide disaster.
Privileged Access Manager grants access to authorized users, applications and services. It can integrate with every client, server, hypervisor, guest OS, database and application, on-premises or in the cloud.
- Discovers and classifies privileged accounts and security groups.
- Randomizes passwords and stores them in an encrypted, replicated vault.
- Requires strong authentication before granting access.
- Enforces pre-authorized and one-time access policy, to grant temporary access to privileged accounts and security groups.
- Launches login sessions automatically, through browser extensions and temporary SSH trust.
- Eliminates static embedded and service account passwords.
- Logs access requests and sessions, including video capture and key-logging.
Threat Grid
Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. With a robust, context-rich malware knowledge base, you will understand what malware is doing, or attempting to do, how large a threat it poses, and how to defend against it.
Threat Grid rapidly analyzes files and suspicious behavior across your environment. Your security teams get context-rich malware analytics and threat intelligence, so they’re armed with insight into what a file is doing and can quickly respond to threats.
- Threat Grid analyzes the behavior of a file against millions of samples and billions of malware artifacts.
- You get a global and historical view of the malware, what it’s doing, and how large a threat it poses to your organization.
- Threat Grid identifies key behavioral indicators of malware and their associated campaigns. Security teams can save time by quickly prioritizing attacks with the biggest potential impact.
- Understand and respond to threats faster. Take advantage of Threat Grid’s robust search capabilities, correlations, and detailed static and dynamic analyses. Use tools like Glovebox to safely interact with samples and observe malware behavior directly.
PingFederate
PingFederate is Ping Identity's enterprise identity bridge. It enables outbound and inbound solutions for single sign-on (SSO), federated identity management, mobile identity security, API security, and social identity integration. Browser-based SSO extends employee, customer and partner identities across domains without passwords, using only standard identity protocols: Security Assertion Markup Language (SAML), WS-Federation, WS-Trust, and OAuth.
Federated identity management (or “identity federation”) enables enterprises to exchange identity information securely across domains, providing browser-based SSO. Federation is also used to integrate access to applications across distinct business units within a single organization. As organizations grow through acquisitions, or when business units maintain separate user repositories and authentication mechanisms across applications, a federated solution to browser-based SSO is desirable.
This cross-domain, identity-management solution provides numerous benefits, ranging from increased end-user satisfaction and enhanced customer relations to reduced cost and greater security and accountability.
Syslog-ng
Syslog-ng is an open-source implementation of the syslog protocol for Unix and Unix-like systems. It extends the original syslogd model with content-based filtering, rich filtering capabilities and flexible configuration options, and adds important features to syslog, such as using TCP for transport. As of today syslog-ng is developed by Balabit IT Security Ltd. It has two editions with a common codebase.
- The ability to format log messages using Unix shell-like variable expansion (can break cross-platform log format compatibility)
- The use of this shell-like variable expansion when naming files, covering multiple destination files with a single statement
- The ability to send log messages to local applications
- Support for message flow-control in network transport
- Logging directly into a database (since syslog-ng OSE 2.1)
- Rewrite portions of the syslog message with set and substitute primitives (since syslog-ng OSE 3).
FireEye
FireEye cyber security products combat today's advanced persistent threats (APTs). As an integral piece of an Adaptive Defense strategy, our state-of-the-art network security offerings protect against cyber attacks that bypass traditional signature-based tools such as antivirus software, next-generation firewalls, and sandbox tools.
- Email Security: Defends against email-borne threats such as ransomware, phishing and malicious links and attachments.
- Endpoint Security: Detects threats and exploits against network-connected devices.
- Content Security: Detects and blocks malware in network file shares.
- Threat Analytics Platform: Provides actionable alerts on real threats based on log data and FireEye Intelligence.
Rapid7 Nexpose
Rapid7’s on-premise vulnerability management solution, Nexpose, helps you reduce your threat exposure by enabling you to assess and respond to changes in your environment in real time and to prioritize risk across vulnerabilities, configurations, and controls.
Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to understand your attack surface, focus on what matters, and create better security outcomes.
QRadar
IBM® QRadar® SIEM detects anomalies, uncovers advanced threats and removes false positives. It consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It then uses an advanced Sense Analytics engine to normalize and correlate this data and identifies security offenses requiring investigation. As an option, it can incorporate IBM X-Force® Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. QRadar SIEM is available on premises and in a cloud environment.
- Sense and detect fraud, insider and advanced threats
- Perform immediate event normalization and correlation
- Sense, track and link significant incidents and threats
- Deploy QRadar SIEM on premises or in cloud environments
- Quickly and inexpensively add more storage and processing
- Provide enforcement of data-privacy policies
- Bring in threat intelligence expertise from IBM X-Force
- Enable threat-prevention collaboration and management
F5
F5's BIG-IP provides depth of understanding about your network’s application traffic and control over how it’s handled. It transforms the chaotic volume of network traffic into logically assembled streams of data, and then makes intelligent traffic management decisions, selecting the right destination based on server performance, security, and availability.
- Local Traffic Manager (LTM): Local load balancing based on a full-proxy architecture.
- Application Security Manager (ASM): A web application firewall.
- Access Policy Manager (APM): Provides access control and authentication for HTTP and HTTPS applications.
- Advanced Firewall Manager (AFM): On-premises DDoS protection, data centre firewall.
- Application Acceleration Manager (AAM): Accelerates and optimizes application performance through technologies such as compression and caching.
- IP Intelligence (IPI): Blocking known bad IP addresses, prevention of phishing attacks and botnets.
SiteMinder
SiteMinder is a centralized web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.
Liferay has out-of-the-box SiteMinder integration as of version 5.1.2. The integration is based on CAS integration and only supports authenticating with screenName. It also knows how to properly terminate a SiteMinder session. SiteMinder is usually connected to LDAP, so this integration is also able to import users from LDAP.
McAfee ESM
McAfee Enterprise Security Manager provides continuous visibility into threats and risk, actionable analysis to guide triage and speed investigations, and orchestration of security remediation.
Prioritized alerts surface potential threats before they occur while analyzing data for patterns that may indicate a larger threat. Built-in security use case content packs simplify analyst and compliance operations.
IBM Resilient
Respond to incidents faster, more efficiently, and more intelligently with the IBM Resilient Incident Response Platform Enterprise.
IBM Resilient’s mission is to help organizations thrive in the face of cyberattacks and business crises. IBM Resilient helped create the market more than five years ago by building the industry-leading Incident Response Platform.
By using the Resilient Incident Response Platform, security teams can create a central hub for response that orchestrates the full response process dynamically, enabling faster, more intelligent response and mitigation. The Resilient Incident Response Platform (IRP) is one of the industry's only platforms that enables complete incident response orchestration across people, process, and technology.