Empower stakeholders with single-pane visibility and insights Enrich firewall security data

Similar documents
You Can See Everything From Our Windows

SONICWALL CAPTURE SECURITY CENTER

SONICWALL CAPTURE SECURITY CENTER

SONICWALL CAPTURE SECURITY CENTER

SONICWALL GLOBAL MANAGEMENT SYSTEM Comprehensive security management, monitoring, reporting and analytics

SONICWALL GLOBAL MANAGEMENT SYSTEM

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

THE SONICWALL CLEAN VPN APPROACH FOR THE MOBILE WORKFORCE

Un SOC avanzato per una efficace risposta al cybercrime

Enhanced Threat Detection, Investigation, and Response

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Trisul Network Analytics - Traffic Analyzer

Novetta Cyber Analytics

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

Compare Security Analytics Solutions

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

CloudSOC and Security.cloud for Microsoft Office 365

Kerio Control. Unified Threat Management without Complexity. Presenters name. Presented by

SentryWire Next generation packet capture and network security.

SentryWire Next generation packet capture and network security.

McAfee Endpoint Threat Defense and Response Family

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

RSA NetWitness Suite Respond in Minutes, Not Months

SIEM Solutions from McAfee

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

McAfee Network Security Platform 9.2

McAfee Advanced Threat Defense

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

Cisco Stealthwatch Endpoint License

Seceon s Open Threat Management software

McAfee Security Management Center

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

SONICWALL SECURITY HEALTH CHECK SERVICE

TALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT

Industrial Defender ASM. for Automation Systems Management

SonicWall GMS 9.0. Getting Started Guide

Snort: The World s Most Widely Deployed IPS Technology

Symantec Advanced Threat Protection: Endpoint

1110 Cool Things Your Firewall Should Do. Extend beyond blocking network threats to protect, manage and control application traffic

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

RSA INCIDENT RESPONSE SERVICES

Monitoring network bandwidth on routers and interfaces; Monitoring custom traffic on IP subnets and IP subnets groups; Monitoring end user traffic;

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

CONTENTS. Technology Overview. Workflow Integration. Sample Customers. How It Works

Sustainable Security Operations

How Vectra Cognito enables the implementation of an adaptive security architecture

RSA Security Analytics

Unlocking the Power of the Cloud

RSA INCIDENT RESPONSE SERVICES

Integrated, Intelligence driven Cyber Threat Hunting

All Events. One Platform.

McAfee Network Security Platform 8.3

Securing Your Amazon Web Services Virtual Networks

Security. Risk Management. Compliance.

align security instill confidence

USM Anywhere AlienApps Guide

Cisco Tetration Analytics

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

Client Health Key Features Datasheet. Client Health Key Features Datasheet

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

IBM Proventia Management SiteProtector Sample Reports

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

ACTIONABLE SECURITY INTELLIGENCE

SIEMLESS THREAT MANAGEMENT

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Securing Your Microsoft Azure Virtual Networks

SIEM: Five Requirements that Solve the Bigger Business Issues

McAfee Network Security Platform 9.1

AT&T SD-WAN Network Based service quick start guide

Introduction... 2 Assumptions... 2

with Advanced Protection

Comprehensive Citrix HDX visibility powered by NetScaler Management and Analytics System

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Threat Control Solutions. Version: Demo

Customer Advantage Program

About DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios

Subscriber Data Correlation

Cisco ISR G2 Management Overview

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

SonicOS Platform. Firewall features

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

ForeScout Extended Module for Splunk

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

How can we gain the insights and control we need to optimize the performance of applications running on our network?

Recommended QoS Configuration Settings for. Dell SonicWALL SOHO Router

Dell SonicWALL SonicOS

Trends and challenges Managing the performance of a large-scale network was challenging enough when the infrastructure was fairly static. Now, with Ci

BIG-IP Analytics: Implementations. Version 13.1

INTEGRATION BRIEF DFLabs and Jira: Streamline Incident Management and Issue Tracking.

CND Exam Blueprint v2.0

Transcription:

SonicWall Analytics Transforming data into information, information into knowledge, knowledge into decisions and decisions into actions SonicWall Analytics provides an eagle-eye view into everything that is happening inside the SonicWall network security environment all through a single pane of glass. At its core is a powerful, intelligence-driven analytic engine that automates the aggregation, normalization, correlation and contextualization of security data flowing across all SonicWall firewalls and wireless access points. The application s interactive dashboard uses various forms of time-use charts and tables to create knowledge representations of the data models. Analytics presents results in a meaningful, actionable and easily consumable manner. This empowers security teams, analysts, auditors, boards and C-suites to discover, interpret, prioritize, make evidencebased decisions, and take appropriate defensive and corrective actions against risks and threats as they unfold in the discovery process. Analytics provides stakeholders with realtime insights and single-pane visibility, authority and flexibility. As a result, they can perform deep drill-down investigative and forensic analysis of network traffic, user access, connectivity, applications and utilization, state of security assets, security events, threat profiles and other firewall-related data. Benefits: Get single-pane visibility and complete situational awareness of the network security environment Have complete authority and flexibility to perform deep investigative and forensic analysis Gain deeper knowledge and understanding of potential and real risks and threats Remediate risks with greater clarity, certainty and speed Reduce incident response time with real-time, actionable threat intelligence Gain eagle-eye view into everythingg Partner Enabled Services Calibrate security policies and controls Exercise risk-based decision-making and remediation Operationalize analytics via real-time, actionable alerts Show enriched data in a meaningful, actionable and consumable manner, and speed DETECT AND REMEDIATE VISUALIZE DYNAMICALLY AGGREGATE DATA Actionable Insight and Knowledge USER ANALYTICS CONTEXTUALIZE DATA STREAM ANALYTICS Empower stakeholders with single-pane visibility and insights Enrich firewall security data Create knowledge representations of analytic data Monitor results with greater clarity, certainty and speed Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide you with world class professional services. Learn more at www.sonicwall.com/pes. Perform deep drill-down investigative and forensic analysis

This deep knowledge and understanding of the security environment provides the intelligence and capacity to uncover and orchestrate remediation to security risks, and monitors and tracks the results with greater clarity, certainty and speed. Integrating Analytics into the business process helps operationalize analytics, thus transforming data into information, information into knowledge and knowledge into decisions toward achieving security automation. 2

Analytics features Feature Data aggregation Data contextualization Streaming analytics User analytics Real-time dynamic visualization Rapid detection and remediation Flow analytics and reports Application traffic analytics Description Intelligence-driven analytic engine automates the aggregation, normalization, correlation, and contextualization of security data flowing through all firewalls. Actionable analytics, presented in a structured, meaningful and easily consumable way, empower security team, analyst and stakeholders to discover, interpret, prioritize, make decisions and take appropriate defensive actions. Streams of network security data are continuously processed, correlated and analyzed in real-time and the results are illustrated in a dynamic, interactive visual dashboard. Deep analysis of users activity trends to gain full visibility into their utilization, access, and connections across the entire network. Through a single-pane-of glass, security team can perform deep drill-down investigative and forensic analysis of security data with greater precision, clarity and speed. Investigative capabilities to chase down unsafe activities and to quickly manage and remediate risks. Provides a flow reporting agent for application traffic analytics and usage data through IPFIX or NetFlow protocols for real-time and historical monitoring. Offers administrators an effective and efficient interface to visually monitor their network in real-time, providing the ability to identify applications and websites with high bandwidth demands, view application usage per user and anticipate attacks and threats encountered by the network. A Real-Time Viewer with drag and drop customization A Real-Time Report screen with one-click filtering A Top Flows Dashboard with one-click View By buttons A Flow Reports screen with five additional flow attribute tabs A Flow Analytics screen with powerful correlation and pivoting features A Session Viewer for deep drill-downs of individual sessions and packets. Provides organizations with powerful insight into application traffic, bandwidth utilization and security threats, while providing powerful troubleshooting and forensics capabilities.

Feature summary Summary Dashboard with visualizations and charts Bandwidth rate CPU utilization Connection count Connection rate per second Risk index (scale 1-10) Block percentage Total connections Total data transferred Top applications Top intrusions Top URL categories Top viruses Number of viruses, intrusions, spyware, botnets Live Monitor streaming with area/bar charts Applications Interface ingress/egress, average, min, peak Bandwidth Packet rate Packet size Connection rate Usage Connection count Multi-core monitor Top Summary Dashboards with drill-downs Applications Users es Intrusions Web categories Sources Destinations Source locations Destination locations BW queues Botnet Reports with drill-downs, export to pdf/csv, and scheduled emailing Applications / Users / Sources / Destinations Connections Total connections blocked Connections blocked by access rule Connections blocked by threat Connections blocked by botnet filter Connections blocked by GeoIP filter Connections blocked by Content Filtering Service Intrusions Total data transferred Data sent Data received es / Intrusions / / Web categories / Source locations / Destination locations / BW queues Connections Total data transferred Data sent Data received Botnet Connections Export.pdf.csv Scheduled Reports Flow Reporting Capture Threat Assessment (SWARM) Daily / Weekly / Monthly Archive / Email / PDF Analytics Session Viewer with drilldowns, filtering, export of individual session data Traffic analytics on any combination of: Application App Category App Risk Signature Action Initiator/responder IP Initiator/responder country Initiator/responder port Initiator/responder bytes Initiator/responder interface Initiator/responder index Initiator/responder gateway Initiator/responder MAC Protocol Rate (kbps) Flow ID Intrusion Botnet Threats / Blocked analytics on any combination of: Threat name Threat type Threat ID Application App category App risk Signature Action Initiator/responder IP Initiator/responder country Initiator/responder port Initiator/responder bytes Initiator/responder interface Initiator/responder index Initiator/responder Gateway Initiator/responder MAC Protocol Rate (kbps) Flow ID Intrusion Botnet 4

Feature summary con't URL / Blocked analytics on any combination of: URL URL category URL domain Application App category App risk Signature Action Initiator/responder IP Initiator/responder country Initiator/responder port Initiator/responder bytes Initiator/responder interface Initiator/responder index Initiator/responder gateway Initiator/responder MAC Protocol Rate (kbps) Flow ID Intrusion Botnet Analytics Flow Monitor drill-down and pivot on flow parameters Applications Names Categories Signatures Users Name IP Address Domain names Authentication types Web activities Websites Web categories URLs Sources IP addresses Interfaces Countries Destinations IP addresses Interfaces Countries Threats Intrusions es Spam Botnets VoIP Media types Caller IDs Devices IP addresses Interfaces Names Contents Email addresses File types Bandwidth management Inbound Outbound All URL Sessions Total packets Total bytes Threats Star Graphs point-to-point visualizations, drill-downs, and pivoting Sources / Users / Locations / Devices To/from Destinations Applications Web activities Threats Filtered by Number of connections Data transferred Packets exchanged Number of threats Halo highlighting for Threats Data > 1 MB Connections >1000 Packets >1000 5

Licensing and Packaging Reporting (Netflow/ IPFIX based) Analytics (Netflow/ IPFIX based) Features Lite and Reporting Analytics Backup/Restore firewall system Yes Yes Yes Yes Backup/Restore firewall preferences Firmware upgrade Yes Yes Yes Yes From local file only From local file only or MySonicWall Yes From local file only Task scheduling Yes Yes Group firewall management Yes Yes Inheritance forward/reverse Yes Yes Zero touch deployment 1 Yes Yes Offline firewall signature downloads Yes Yes Workflow Yes Yes Pooled Licenses Search, Sharing, Used Activation Code Inventory Schedule reports, Live monitor, Summary dashboards Download Reports: Applications, Threats, CFS, Users, Traffic, Source/Destination (1- year flow reporting) Network forensic and threat hunting using drilldown and pivots Yes Yes Yes Yes Yes Yes Yes Cloud App Security Yes 30-day traffic data retention Yes Technical Support Web Cases only 24x7 support 24x7 support 24x7 support 1 Supported for SOHO-W with firmware 6.5.2+; TZ, NSA series and NSa 2650-6650 with firmware 6.5.1.1+. Not supported for SOHO or NSv series. Capture Security Center ordering information Product SonicWall Capture Security Center for TZ Series, NSv 10 to 100 1Yr SonicWall Capture Security Center for TZ Series, NSv 10 to 100 2Yr SonicWall Capture Security Center for TZ Series, NSv 10 to 100 3Yr SonicWall Capture Security Center for NSA 2600 to 6650 and NSv 200 to 400 1Yr SonicWall Capture Security Center for NSA 2600 to 6650 and NSv 200 to 400 2Yr SonicWall Capture Security Center for NSA 2600 to 6650 and NSv 200 to 400 3Yr SonicWall Capture Security Center and Reporting for TZ Series, NSv 10 to 100 1Yr SonicWall Capture Security Center and Reporting for TZ Series, NSv 10 to 100 2Yr SonicWall Capture Security Center and Reporting for TZ Series, NSv 10 to 100 3Yr SonicWall Capture Security Center and Reporting for NSA 2600 to 6650 and NSv 200 to 400 1Yr SonicWall Capture Security Center and Reporting for NSA 2600 to 6650 and NSv 200 to 400 2Yr SonicWall Capture Security Center and Reporting for NSA 2600 to 6650 and NSv 200 to 400 3Yr SonicWall Capture Security Center Analytics for TZ Series, NSv 10 to 100 1Yr SonicWall Capture Security Center Analytics for NSA 2600 to 6650 and NSv 200 to 400 1Yr SKU 01-SSC-3664 01-SSC-9151 01-SSC-9152 01-SSC-3665 01-SSC-9214 01-SSC-9215 01-SSC-3435 01-SSC-9148 01-SSC-9149 01-SSC-3879 01-SSC-9154 01-SSC-9202 02-SSC-0171 02-SSC-0391 6

Internet browsers Microsoft Internet Explorer 11.0 or higher (do not use compatibility mode) Mozilla Firefox 37.0 or higher Google Chrome 42.0 or higher Safari (latest version) Supported SonicWall appliances managed by Capture Security Center SonicWall Network Security Appliances: NSa 2600 to NSa 6650, and TZ Series appliances SonicWall Network Security Virtual Appliances: NSv 10 to NSv 400 About Us SonicWall has been fighting the cybercriminal industry for over 27 years, defending small, medium-sized businesses and enterprises worldwide. Our combination of products and partners has enabled an automated real-time breach detection and prevention solution tuned to the specific needs of the more than 500,000 organizations in over 215 countries and territories, so you can do more business with less fear. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram. SonicWall, Inc. 1033 McCarthy Boulevard Milpitas, CA 95035 Refer to our website for additional information. www.sonicwall.com 2018 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. Datasheet-Analytics-US-VG-MKTG4730

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback