Cinxi High Performance SIEM from High Tower

A New Generation of Security Information and Event Management Solutions

High Tower’s new Cinxi SIEM appliances were developed to address the rapidly growing need for advanced network defense intelligence and comprehensive log management tools that improve network security and satisfy the growing number of regulatory compliance requirements. The new systems build on High Tower’s award-winning software capabilities and couple them with a powerful new line of hardware platforms.

Cinxi SIEM appliances offer unparalleled speed and performance for better situational awareness, rapid in-depth analysis of computer network attack and exploitation (CNA/CNE) activities, effective risk mitigation, flexible distributed deployment capabilities to accommodate complex networking environments, and powerful log management and reporting features to support historical analysis and audits.

Holistic Approach to Security and Compliance

Perimeter defense alone is no longer sufficient to effectively manage the risks to information assets organizations face today. An evolving threat landscape characterized by surreptitious attacks and compounded by an increase in regulatory mandates demands a more comprehensive approach to risk management. Cinxi appliances collect and analyze information from perimeter security devices, but also correlate data on network devices, applications, and users to deliver a more complete view of critical threats to vital information assets.

Flexible, Extensible Platform

Cinxi appliances and components offer a wide range of cost-effective solutions to meet the most demanding log management, compliance, and security intelligence requirements. The flexible hardware-based solution architecture allows organizations to deploy the most appropriate equipment for optimal performance and reduced operational costs. All Cinxi appliances are free of per-device or per-user licensing charges, allowing for greater flexibility in deployment and lower administrative overhead.

Cinxi appliances work in your existing environment — collecting, correlating, and managing data from existing systems; there is no additional hardware to buy or software to license. Flexible analytics and reporting modules allow you to easily fine-tune the system to best meet the unique requirements of your organization.

Ranger, Midway, and Enterprise models offer an advanced service-oriented software architecture (SOA) that provides greater operational reliability and flexibility. Services can be added, updated, or configured without impacting the rest of the system; memory-intensive services (such as reporting) can even be offloaded to separate hardware platforms to improve overall performance and provide greater flexibility in the solution architecture.

Scalability

High Tower offers several scalability advantages that make the Cinxi SIEM series an excellent solution for extensive network environments:

  • Distributed architecture supports unlimited reporting devices
  • Low cost solutions to support remote locations or low-bandwidth installations
  • Master Console for centralized command and control
  • Local-level security analysis with global overview of events
  • Local or centralized log storage
  • No per-device licensing charges
  • No per-user seat licensing

Cinxi’s component-based system architecture is ideal for meeting the complex requirements for wide-scale log management and security/compliance monitoring. Through the use of High Tower’s low-cost hardware-based SIEM systems, each location can have complete, secure, segregated access to its own logs and security alerts for day-to-day management; that same data can then be easily rolled up to regional systems for a broader view of activities, and then again to an enterprise operations or security center for centralized overview and management.

By eliminating complex software licensing schemes, organizations have greater flexibility in architecting the final solution and will enjoy lower administrative overhead, since there are no per-device or per-user licenses to constantly monitor and manage.

Intelligent Cross-device Correlation and Analysis

At the heart of Cinxi SIEM appliances is the most powerful cross-device correlation engine available on the market today. MetaRules, Cinxi’s proprietary analytics system, is predominantly behavior-based and functions much the same way an experienced intrusion analyst would. Drawing on extensive security expertise, the system monitors vast amounts of data from disparate resources and identifies combinations of events that are highly accurate, reliable indicators of malicious or undesirable activities. Through the information it collects and its advanced correlation and analysis capabilities, the Cinxi SIEM can identify nearly every known type of internal or external attack/incident such as Denial of Service, brute force attempts, peer-to-peer file sharing, policy violations, vulnerability exploits, viruses, worms, Trojans, and more.

In addition, since the Cinxi SIEM is not dependent on signatures, it is extremely effective at defending against zero-day attacks and specific policy violations.

Real-time Monitoring and Alerting for Security and Compliance

With the fastest correlation speeds available on the market, Cinxi appliances provide real-time visibility into active threats on the network — whether they be external attacks or internal policy violations — reducing both security and compliance risk to the organization.

The Cinxi SIEM appliance expedites incident response by automatically alerting users to malicious activity based on severity. Alerts are available both through the user console and via remote notification methods such as email and SMS messaging. Each alert provides instant drill-down to supporting data so security administrators can evaluate the data that caused the alert and determine the most effective response based on organizational policies and operational standards. Further, the SIEM provides recommended mitigation steps and supports complete workflow tracking and reporting, so security managers can track activity and ensure timely remediation of identified incidents.

Log Management and Reporting

Individual Cinxi appliances can collect over 115,000 events per second (EPS) from a wide range of disparate network and security devices. Once collected, logs are normalized and stored, protected by hardware-based 3DES encryption and MD5 checksums to ensure file integrity. With hundreds of prepackaged reports and an intuitive custom report generator, the Cinxi SIEM allows administrators to easily investigate incidents and compare them against historical data to get a better understanding of an incident, determine whether the incident or attacker has affected the network previously, and identify what systems have been affected. The flexible reporting system allows administrators to search raw logs based on a wide range of criteria, such as IP addresses, ports, standard text queries, rules, time stamps, case status, and countless other methods.

Prepackaged compliance reports include comprehensive coverage for SOX, PCI, HIPAA, GLBA, ISO 17799/27001, FIPS, FISMA, FERPA, and many more.
