Monitoring Solutions

Event Correlation & Log Consolidation

Today's security software and devices can generate hundreds of thousands of log entries every hour. In small environments, an administrator can review these log files on a regular basis and attempt to identify anomalies. As the number of devices on a network grows, however, it becomes impossible to effectively monitor all the logged events manually, not only because of the sheer volume of log entries but also because of the distributed nature of networks.

Making sense of multiple log entries from multiple devices is what event correlation is all about. Log entries from routers, firewalls, proxy servers, content filters, VPN concentrators and other devices and software are first consolidated to a single location where all the events can be analysed. All this happens in real time, with on-the-fly reporting, which allows security incidents to be identified immediately.

Depending on the organization's size, the amount of data and devices, and the types of reports required, there are many different solutions available. Nclose will assist in gauging these factors to ensure the correct solution is implemented.

System and Network Monitoring

Nclose considers system and network monitoring a security function as much as we consider it a function of network administration. The ability to monitor network activity and system availability can become a strong security tool when you manage your network proactively. This information is also valuable for capacity planning and is often required by auditors. Monitoring can also be combined with event correlation and log consolidation to form a complete network and security monitoring solution.

Copyright © 2007 Nclose cc.