Tenable Solutions
SIEM
Tenable Network Security's Unified Security Monitoring strategy for compliance and security monitoring surpasses traditional Security Information and Event Management (SIEM) concepts. Tenable's SIEM technology collects all logs, software activity, user events and network traffic. All data is analyzed for correlated events and impact on compliance. Event context about any system is provided by Tenable Nessus vulnerability and configuration scans or real-time monitoring with the Tenable Passive Vulnerability Scanner.
Alerting
Configure and receive automatic alerts based on customized event thresholds.
Event Correlation
Multiple forms of correlation are available for all events, including statistical anomalies, associating IDS events with vulnerabilities, and alerting on first-time-seen events.
Log Normalization
Normalize, correlate and analyze user and network activity from log data generated by any device or application across the enterprise in a central portal.
User Monitoring
Any event, such as NetFlow, IDS detection, firewall log, file access, system error or login failure, can be associated with users for easy reporting and insider threat detection.
NetFlow Analysis
Each instance of the Tenable Log Correlation Engine includes agents for many different platform technologies, including NetFlow. This enables collection of NetFlow traffic logs from routers, switches and other network devices.
Network Content Analysis
The Tenable Passive Vulnerability Scanner is used to monitor network traffic in real time. It produces an accurate vulnerability report and a real-time forensic log of network events such as shared files, DNS lookups and social network activity.
