NetIQ Security Manager Modules

NetIQ Security Manager provides real-time monitoring of system changes and user activity, detection of threats and intrusions, security event management and correlation, log management and incident response automation, all with a single, integrated and scalable infrastructure.

NetIQ delivers this capability through the packaging of change monitoring, user monitoring, event management, correlation and log analysis across critical areas of your IT infrastructure, both at the host and the network levels.

NetIQ Security Manager includes embedded knowledge specific to Windows, Active Directory, Group Policy, Unix, Linux, Oracle, iSeries, Cisco and many other industry-leading security applications and network devices. This means NetIQ can implement security best practices to better protect critical data, automate compliance tasks and streamline incident response.

The key technology areas where NetIQ modules bring comprehensive, integrated SIEM capabilities together are outlined below.

Windows and Active Directory

NetIQ Security Manager delivers a best-of-breed solution that benefits Microsoft users by deploying quickly and easily, and by integrating through an open, service-oriented architecture that allows for common reporting, analytics and dashboards. NetIQ can improve the operation of Windows and Active Directory through specific features and functionality including:

  • Analyzing and consolidating events from managed Windows servers and workstations to detect a variety of occurrences and alert on them.
  • Sending alerts to Security Manager consoles, along with further notification to staff via email or pager.
  • Responding automatically (stop a service, run a script, etc.) to protect against security threats.
  • Collecting, archiving, analyzing and reporting on Windows and IIS application logs. Security Manager provides comprehensive management for application, system, security, file replication service, DNS server, directory service and IIS logs.

Unix and Linux

NetIQ enables companies to meet business requirements by providing solutions to successfully monitor, manage, and secure their UNIX/Linux servers. NetIQ Security Manager delivers a comprehensive SIEM solution for heterogeneous environments from a single, centralized console. Security Manager monitors Windows computers to detect user activity, perform forensic analysis on log files, and send notifications to security personnel. Key capabilities include:

  • Monitoring Unix and Linux computers to detect unauthorized and dangerous activities.
  • Securing your enterprise from internal and external attacks by automatic delivery of new and updated security intelligence rules.
  • Detecting user account access, security configuration changes, and unauthorized processes running.
  • Supporting many Unix and Linux operating systems, including Solaris, AIX, Red Hat Linux, SuSE Linux and HP-UX.
  • Gathering log data from syslog sources, along with additional sources such as wtmp, filesystem uroot, btmp and BSM.

Network and Security Devices

NetIQ Security Manager extends comprehensive SIEM support to a variety of industry leading security and network applications and devices, including firewalls, anti-virus servers, intrusion detection/protection systems, routers and switches. Companies who have invested in these security point products can leverage and extend their investments with Security Manager through:

  • Managing network devices running Cisco IOS to identify security issues (and send them to Windows agents) before they become critical.
  • Identifying policy misuse and misconfigurations on network devices and across firewall servers, along with tracking administrative access and actions.
  • Correlating virus events from across multiple sources.
  • Detecting high-severity Snort events, such as access attempts to the CGI bin, Unicode directory traversal exploits, or SQL system administrator login failures.
  • Alerting on external attacks, such as unusual port scans, a malformed packet, or an IP spoofing event.
  • Collecting firewall logs, audit logs and accounting logs.

VoIP/IP Telephony

NetIQ provides integrated security management solutions that empower IT organizations with the knowledge and ability to assure IT service. As a pioneer in IP Telephony management, NetIQ recognized early on that IP Telephony technology introduces complex and challenging operational issues. Managing more than 425,000 phones today, NetIQ has assured successful growth while delivering consistently high service levels across many of the largest IP Telephony deployments. NetIQ brings security management to VoIP deployments through:

  • Monitoring your VoIP environment in real-time to detect security threats, including denial of service attacks, viruses, eavesdropping and toll fraud.
  • Analyzing call usage patterns to spot potential abuse.
  • Maintaining new correlation and log archival rules specific to VoIP security events.
  • Integrating with NetIQ AppManager to forward VoIP-specific events to Security Manager.

iSeries

The IBM iSeries platform is one of the most adaptable and robust available on the market today, and houses many mission critical applications. NetIQ offers a flexible approach to address multiple security issues facing iSeries data and application access. As a result, end users can simplify and automate many routine security tasks. NetIQ Security Manager for iSeries includes:

  • Analyzing and consolidating events from log files on monitored iSeries servers.
  • Centralizing log data access, coupled with on-line analytical processing (OLAP) for advanced trending and forensics reports.
  • Accessing QAUDJRN data to deliver an archival and forensics solution for managing event logs from iSeries servers.

 
