Original poster | Posted on 2009-3-2 21:19:35
Features
Scalable, Distributed Architecture
Centralized Event Correlation
Easy Deployment
Easy Maintenance
Scalable, Distributed Architecture
The Event Correlation Software Blade delivers a flexible, scalable platform capable of managing millions of logs per day per correlation unit in large enterprise networks. Through its distributed architecture, the Event Correlation blade can be installed on a single server but has the flexibility to spread its processing load across multiple correlation units.
Centralized Event Correlation
The Event Correlation Software Blade provides centralized event correlation and management for all Check Point products—as well as third-party devices such as firewalls, routers, switches, operating systems, mail servers, Web servers, intrusion detection systems, and antivirus applications. Raw log data is collected via secure connections from Check Point and third-party devices by the Event Correlation Software Blade correlation units where it is centrally aggregated, normalized, correlated, and analyzed. Third-party device logs can be easily converted into Check Point format by the patent-pending log parsing technology within the Event Correlation blade. Data reduction and correlation functions are performed at various layers, so only significant events are reported up the hierarchy for further analysis. Log data that exceeds the parameters set in predefined event policies triggers security events. The Event Correlation blade provides a large number of predefined, but easily customizable, security events for quick deployment. These events can be unauthorized scans targeting vulnerable hosts, unauthorized logins, denial of service attacks, network anomalies, and other host-based activity. IT security staffers can also easily create their own events using a wizard or predefined event to fine-tune the system to their particular needs.
Events are then further analyzed and severity levels assigned. Based on the severity level, an automatic action may be triggered at this point to stop the harmful activity immediately at the gateway. As new information flows in, severity levels can be adjusted to adapt to changing conditions.
Easy Deployment
The Event Correlation Software Blade interfaces with existing SmartCenter™ and Provider-1® log servers, eliminating the need to configure each device log server separately for log collection and analysis. All objects defined in SmartCenter or Provider-1 are automatically accessed and used by the Event Correlation blade server for event policy definition and enforcement. In addition, this tight integration enables the Event Correlation blade to automatically learn the network’s topology and detect correlated events that are sensitive to topological parameters.
Easy Maintenance
Once installed on the network, the Event Correlation Software Blade has a learning mode to baseline the normal activity pattern for a given site and suggest policy changes for fine-tuning the system. Easy-to-use event wizards provide users greater flexibility in customizing events to suit their particular environments. The ease of installation and maintenance enables customers to leverage existing IT/security staff