Check Point Eventia Analyzer

Check Point Eventia Analyzer Overview:

Eventia® Analyzer is a comprehensive security event management solution that automatically prioritizes events for decisive, intelligent action.

Your Challenge:

Today’s complex, multilayered security architecture consists of many devices to ensure that servers, hosts, and applications running on the network are protected from harmful activity. These devices all generate voluminous logs that are difficult and time consuming to interpret. In a typical enterprise, an intrusion detection system can produce more than 500,000 messages per day and firewalls can generate millions of log records a day. In addition, the logged data may contain information that appears to reflect normal activity when viewed on its own, but reveal evidence of abnormal events, attacks, viruses, or worms when raw data is correlated and analyzed. Enterprises need control over and practical value from the deluge of data generated by network and security devices.

0ur Solution:

The Eventia® Suite is a security information and event management (SIEM) solution designed to help IT security departments reduce the cost and complexity of security log analysis and reporting. The Eventia Suite includes Eventia Analyzer for real-time security event correlation and Eventia Reporter for centralized reporting and historical trend analysis. Eventia Analyzer correlates log data from Check Point perimeter, internal, Web, and endpoint security devices—as well as thirdparty security devices—automatically prioritizing security events for decisive, intelligent action. By automating the aggregation and correlation of raw log data, Eventia Analyzer not only minimizes the amount of data that needs to be reviewed but also isolates and prioritizes real security threats. These threats may not have been otherwise detected when viewed in isolation per device, but pattern anomalies appear when data is correlated over time. With Eventia Analyzer, security teams no longer need to comb through the massive amount of data generated by the devices in their environment. Instead, they can focus on deploying resources versus the threats that pose the greatest risk to their businesses.

Features & Benefits:

Product Features

• n Centralized event correlation for Check Point gateways and third-party devices
• Intelligent learning mode to baseline normal activity
• Predefined and custom security events
• Real-time alerts and automated blocking of harmful activity
• Integrated with Check Point SmartCenter and Provider-1
• Patent‑pending log parsing editor converts third-party device logs to Check Point format

Product Benefits

• Filters out noise to identify security events that matter
• Reduces business risk by responding in real-time
• Prioritizes resources to address the most critical threats
• Provides ease of deployment and use for low TCO
• Addresses regulatory compliance requirements

Eventia Analyzer provides a large number of predefined events and a wizard for quick event customization.

The capability of Eventia Analyzer to drill down on a specific event lets it detect threats that other solutions might not discover.

Scalable, Distributed Architecture:

Eventia Analyzer delivers a flexible, scalable platform capable of managing millions of logs per day per correlation unit in large enterprise networks. Through its distributed architecture, Eventia Analyzer can be installed on a single server but has the flexibility to spread its processing load across multiple correlation units.

Centralized Event Correlation:

Eventia Analyzer provides centralized event correlation and management for all Check Point products—as well as third-party devices such as firewalls, routers, switches, operating systems, mail servers, Web servers, intrusion detection systems, and antivirus applications. Raw log data is collected via secure connections from Check Point and third-party devices by Eventia Analyzer correlation units where it is centrally aggregated, normalized, correlated, and analyzed. Third-party device logs can be easily converted into Check Point format by the patent-pending log parsing technology within Eventia Analyzer. Data reduction and correlation functions are performed at various layers, so only significant events are reported up the hierarchy for further analysis. Log data that exceeds the parameters set in predefined event policies triggers security events. Eventia Analyzer provides a large number of predefined, but easily customizable, security events for quick deployment. These events can be unauthorized scans targeting vulnerable hosts, unauthorized logins, denial of service attacks, network anomalies, and other host-based activity. IT security staffers can also easily create their own events using a wizard or predefined event to fine-tune the system to their particular needs.

Events are then further analyzed and severity levels assigned. Based on the severity level, an automatic action may be triggered at this point to stop the harmful activity immediately at the gateway. As new information flows in, severity levels can be adjusted to adapt to changing conditions.

Easy Deployment:

Eventia Analyzer interfaces with existing SmartCenter™ and Provider-1® log servers, eliminating the need to configure each device log server separately for log collection and analysis. All objects defined in SmartCenter or Provider-1 are automatically accessed and used by the Eventia Analyzer server for event policy definition and enforcement. In addition, this tight integration enables Eventia Analyzer to automatically learn the network’s topology and detect correlated events that are sensitive to topological parameters.

Easy Maintenance:

Once installed on the network, Eventia Analyzer has a learning mode to baseline the normal activity pattern for a given site and suggest policy changes for fine-tuning the system. Easy-to-use event wizards provide users greater flexibility in customizing events to suit their particular environments. The ease of installation and maintenance enables customers to leverage existing IT/ security staff.

Documentation:

Download the Check Point Eventia Analyzer Datasheet (PDF).