Tenable and Reconnex
Tenable's Log Correlation Engine (LCE) can accept events from the Reconnex iGuard. If you are not familiar with products like the iGuard, it is a sophisticated network traffic analyzer that can look for social security numbers, credit card numbers, and important corporate data as it flows across instant messaging, email attachments, web surfing and most other forms of network traffic.
Because the LCE can parse logs from the iGuard, users of the Security Center can analyze traffic on their separate network segments. This means Joe from accounting can see the iGuard events for his network and Sue from HR can be alerted to events on hers. Tenable has also written some advanced TASL correlation rules that look for systems that are attacked and then have their sensitive data transferred by the attacker. Using intrusion detection logs and iGuard logs together, the LCE can recognize when a system has come under attack and sensitive data has subsequently been obtained from the target.
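The attack-then-leak correlation described above can be sketched in Python. This is an added example, not Tenable's TASL rule or code from the original page; the normalized event fields, the one-hour window and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str   # "ids" = attack seen by an IDS, "dlp" = sensitive data seen on the wire
    src: str
    dst: str
    detail: str

def correlate(events, window=timedelta(hours=1)):
    """Pair each DLP event with an earlier IDS event against the sending host."""
    last_attack = {}   # victim IP -> most recent IDS event targeting it
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "ids":
            last_attack[ev.dst] = ev
        elif ev.kind == "dlp":
            attack = last_attack.get(ev.src)
            # Alert only if the sender was attacked first, and recently enough.
            if attack is not None and ev.ts - attack.ts <= window:
                alerts.append({
                    "victim": ev.src,
                    "attacker": attack.src,
                    "to_attacker": ev.dst == attack.src,  # data went straight back
                    "delay": ev.ts - attack.ts,
                    "data": ev.detail,
                })
    return alerts

def t(hhmm):  # constructed timestamps on an arbitrary day
    return datetime(2024, 1, 1, int(hhmm[:2]), int(hhmm[3:]))

# Constructed sample events (documentation-range addresses), not real iGuard or IDS output.
SAMPLE = [
    Event(t("09:30"), "dlp", "192.0.2.20", "198.51.100.5", "SSN in email attachment"),
    Event(t("10:00"), "ids", "203.0.113.7", "192.0.2.10", "exploit attempt"),
    Event(t("10:12"), "dlp", "192.0.2.10", "203.0.113.7", "credit card numbers in web upload"),
    Event(t("10:20"), "dlp", "192.0.2.10", "198.51.100.8", "SSN in instant message"),
    Event(t("11:00"), "ids", "203.0.113.9", "192.0.2.30", "exploit attempt"),
    Event(t("14:00"), "dlp", "192.0.2.30", "203.0.113.9", "corporate document"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

The 09:30 leak has no preceding attack and the 14:00 leak falls outside the window, so only the two transfers from 192.0.2.10 are reported.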