Zscaler and SIEM and Analytics
For organizations that need to transfer their Zscaler weblogs to the enterprise SIEM, Zscaler provides Nanolog Streaming Service (NSS) as an optional add-on feature. NSS requires that a virtual appliance be installed within the customer’s network. NSS connects to the cloud and streams in all logs for the company, passing them to the corporate SIEM or other storage devices in near-real time.
By using NSS, Zscaler customers can send weblog data to the SIEM to facilitate log correlation from multiple sources, thus allowing organizations to analyze traffic patterns across their entire networks. Additionally, organizations can leverage weblog data in the SIEM to conduct extended historical analyses (> 6 months). Zscaler customers can also ensure compliance with regulatory mandates through local log archival.
AlienVault has simplified the way organizations detect and respond to today’s ever-evolving threat landscape. Our unique and award-winning approach, trusted by thousands of customers, combines the essential security controls of our all-in-one platform, AlienVault Unified Security Management, with the power of AlienVault’s Open Threat Exchange, the world’s largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource-constrained IT teams. Read more about the Zscaler and AlienVault partnership.
BT is one of the world’s leading providers of communications services and solutions, serving customers in more than 170 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband, TV and internet products and services; and converged fixed/mobile products and services. BT consists principally of five lines of business: BT Global Services, BT Business, BT Consumer, BT Wholesale and Openreach. Read the BT solution brief.
Exabeam provides security intelligence and management solutions to help organizations of any size protect their most valuable information. The Exabeam Security Intelligence Platform uniquely combines a data lake for unlimited data collection at a predictable price, machine learning for advanced analytics, and automated incident response into an integrated set of products. The result is the first modern security intelligence solution that delivers where legacy SIEM vendors have failed. Learn more at exabeam.com.
Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. We’ll ingest event data from Zscaler to provide 24x7 monitoring, response and resilience. When we uncover an incident, we provide answers that tell you what happened and exactly what you need to do about it. Learn more at expel.io.
Gigamon enables your organization to run fast, stay secure, and innovate. We are the first company to deliver unified network visibility and analytics on all data-in-transit. Gigamon aggregates, transforms, and analyzes your network traffic across physical, virtual, and cloud infrastructure to meet your rapid threat detection and response needs. To learn more, read the solution brief and visit www.gigamon.com.
JASK is modernizing security operations by delivering an advanced SIEM platform that provides better visibility, better automation, and a better architecture. Built on cloud-native technologies, the JASK ASOC platform streamlines security analyst workflows by automating many of the repetitive tasks that restrict productivity, freeing them for higher-value roles like threat hunting and vulnerability management, while addressing the escalating talent shortage. Learn more at www.jask.com.
LogRhythm empowers over 4,000 customers worldwide to measurably mature their security operations. LogRhythm’s award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid threat detection and neutralization.
IBM Security QRadar SIEM is a distributed enterprise Security Information and Event Management solution that provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. The software automatically discovers most network log source devices and inspects network flow data to find and classify valid network hosts (assets)—tracking the applications, protocols, services and ports they use. It collects, stores and analyzes data, performing real-time event correlation for threat detection and compliance reporting. Billions of daily events and flows are typically prioritized into just a handful of actionable offenses. Read the QRadar Solution Brief and Solution Deployment Guide, or watch the QRadar RSA Presentation Video.
SecBI has evolved the traditional siloed approach in cybersecurity to an XDR Platform for extended, cross-product integration of network, endpoint, and cloud security tools to deliver automated threat detection and response. As a vendor-agnostic platform, SecBI’s XDR maximizes organizations’ investments in their existing security tools, while providing end-to-end protection against stealthy attacks that cost organizations dearly. In times when hackers target multiple vectors to penetrate networks, the only way to detect and respond to cyberattacks effectively and efficiently is via an XDR approach. SecBI is used by financial, telecom, retail, and manufacturing enterprises worldwide. For more information, visit www.secbi.com and read the SecBI solution brief.
Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data. Splunk software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks, sensors and mobile devices that power business. Splunk software enables organizations to monitor, search, analyze, visualize and act on massive streams of real-time and historical machine data. 5,600 enterprises, universities, government agencies and service providers in over 90 countries use Splunk Enterprise to gain Operational Intelligence that deepens business and customer understanding, improves service and uptime, reduces cost and mitigates cybersecurity risk. Splunk Storm, a cloud-based subscription service, is used by organizations developing and running applications in the cloud. Read the Splunk Solution Brief and Solution Deployment Guide.
Sumo Logic is a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semi-structured and unstructured data across the entire application lifecycle and stack. More than 1,200 customers around the globe rely on Sumo Logic for the analytics and insights to build, run and secure their modern applications and cloud infrastructures. With Sumo Logic, customers gain a multi-tenant, service-model advantage to accelerate their shift to continuous innovation, increasing competitive advantage, business value and growth. Read the Sumo Logic Solution brief, Solution Deployment Guide and review the valuable Web Security Dashboards provided out of the box.
WitFoo is built by veterans of the US Military, cybersecurity and law enforcement to advance the craft of cybersecurity operations. WitFoo Precinct 6.0 is the world’s first “Diagnostic SIEM” providing detailed metrics that assist in all areas of cybersecurity operations, from the front line incident responder to the Board of Directors. Read the solution brief and learn more at witfoo.com.