1.1 Sentinel 6.1 Rapid Deployment Overview

Sentinel is a security information and event management solution that receives information from many sources across an enterprise, standardizes it, prioritizes it, and presents it to you so that you can make threat, risk, and policy-related decisions.

Sentinel automates the log collection, analysis, and reporting processes to ensure that IT controls are effective in supporting threat detection and audit requirements. Sentinel replaces labor-intensive manual processes with automated, continuous monitoring of security and compliance events and IT controls.

Sentinel also gathers and correlates security and non-security information from across an organization's networked infrastructure, as well as from third-party systems, devices, and applications. Sentinel presents the collected data in a GUI, identifies security or compliance issues, and tracks remedial activities, streamlining otherwise error-prone manual processes and supporting a rigorous and secure management program.

Automated incident response management enables you to document and formalize the process of tracking, escalating, and responding to incidents and policy violations, and provides two-way integration with trouble-ticketing systems. Sentinel enables you to react promptly and resolve incidents efficiently.

Solution Packs are a simple way to distribute and import Sentinel correlation rules, dynamic lists, maps, reports, and iTRAC workflows into controls. These controls can be designed to meet specific regulatory requirements, such as the Payment Card Industry Data Security Standard, or they can be related to a specific data source, such as user authentication events for a database.

With Sentinel Rapid Deployment, you get:

The following is an illustration of the conceptual architecture of Sentinel Rapid Deployment, which shows the components involved in performing security and compliance management.

Figure 1-1 Conceptual Architecture of Sentinel