Online Security, Safety, Tips, Compliance, Standard
The Need for a Correlation Engine (CE) within SIEM
The Correlation Engine (CE) is known as the brain of a SIEM: it aggregates, normalizes, correlates and analyzes event log data from the myriad of devices within your infrastructure. So why is the CE so important for getting full visibility of our network? Let me give you one example:
1) A normal IDS will catch the request from the attacker.
2) The IDS will never see traffic that has been wrapped in a secure protocol such as SSL.
3) So, with a Correlation Engine in place we can still catch the attacker, since all the logs from the server are read by the CE, which correlates the events based on the logic inside it.
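The three steps above as a minimal correlation rule, added here as an example and not part of the original post. The log formats, field names, 15-minute window and failure threshold are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in hypothetical formats (not from the original post).
IDS_ALERTS = [  # what the IDS saw on plaintext HTTP
    "2009-10-26T01:00:05 ALERT sig=web-probe src=203.0.113.7 dst=10.0.0.5:80",
    "2009-10-26T01:02:11 ALERT sig=web-probe src=198.51.100.9 dst=10.0.0.5:80",
]
SERVER_LOGS = [  # web server access log, written after SSL is terminated
    '203.0.113.7 [2009-10-26T01:03:40] "GET /admin/login HTTP/1.1" 401 port=443',
    '203.0.113.7 [2009-10-26T01:03:42] "GET /admin/login HTTP/1.1" 401 port=443',
    '203.0.113.7 [2009-10-26T01:03:44] "GET /admin/login HTTP/1.1" 401 port=443',
    '192.0.2.44 [2009-10-26T01:04:00] "GET /index.html HTTP/1.1" 200 port=443',
    '198.51.100.9 [2009-10-26T03:30:00] "GET /index.html HTTP/1.1" 200 port=443',
]
IDS_RE = re.compile(r"(?P<ts>\S+) ALERT sig=(?P<sig>\S+) src=(?P<src>\S+) dst=\S+")
WEB_RE = re.compile(r'(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) port=(?P<port>\d+)')

def normalize(lines, pattern, source):
    """Parse raw lines into one common schema (the CE's normalization step)."""
    events = []
    for line in lines:
        m = pattern.match(line)
        if m:  # unparseable lines are skipped rather than guessed at
            event = m.groupdict()
            event["ts"] = datetime.fromisoformat(event["ts"])
            event["source"] = source
            events.append(event)
    return events

def correlate(ids_events, web_events, window=timedelta(minutes=15), min_failures=3):
    """Rule: a source flagged by the IDS that then produces at least
    min_failures denied HTTPS requests in the server log within window."""
    incidents = []
    for alert in ids_events:
        hits = [w for w in web_events
                if w["src"] == alert["src"] and w["port"] == "443"
                and w["status"] in ("401", "403")
                and alert["ts"] <= w["ts"] <= alert["ts"] + window]
        if len(hits) >= min_failures:
            incidents.append({"src": alert["src"], "ids_sig": alert["sig"],
                              "https_failures": len(hits)})
    return incidents

def run():
    return correlate(normalize(IDS_ALERTS, IDS_RE, "ids"),
                     normalize(SERVER_LOGS, WEB_RE, "web"))

if __name__ == "__main__":
    print(run())
```

Only the first source is reported: the second was flagged by the IDS but its later HTTPS request succeeded and fell outside the window, and the third never triggered an IDS alert.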
This entry was posted by Tokwear on October 26, 2009 at 1:20 AM, and is filed under IT Security.