NightOwl Managed Network Security Platform

Not all large-scale Security Information and Event Management (SIEM) systems are created equal. Some work well in mid-sized networks but bog down when handling the hundreds of devices found in a large enterprise network. Others do a good job of log collection and file parsing but fail at the crucial tasks of correlation, threat scoring, and event prioritization. Finally, some offer attractive initial pricing but climb steeply in cost as more firewalls, intrusion detection systems, and managed devices are added to the mix.

At Secure IQ we understand the needs of your enterprise and build solutions that scale. Our remote access VPN offerings are likewise tailored to deliver benefits in proportion to your current scale of use and your plans for expansion.

Intelligent Dashboard


Secure IQ's NightOwl Managed Security Services Platform is ideal for carriers and enterprise customers and was built from the ground up with scalability, performance, and intelligence in mind. Based on the carrier-class architecture of our CloudSafe MSSP service, NightOwl is a modular Managed Security Services Platform that runs on industry-standard x86 ("Wintel") server hardware. The base system configuration consists of four components: a capture Sentinel, a gateway, a distributed database, and a management portal. For small installations, these can be installed as software modules on a single high-performance server. Customers with mid-sized networks can run them on blade server systems or VMware virtual machines. For very large carrier and enterprise installations, the system features Infinite Horizontal Scalability™, the ability to add capacity and resiliency simply by installing additional servers in parallel.

In contrast to some competing products that store event information in a general-purpose Oracle database, our unique database schema (patent pending) was designed from the ground up to handle extremely large volumes of firewall and IDS events. The result is a performance gain under load that Secure IQ quotes as 18,000 compared with a conventional Oracle database. Because the high-performance database is open source, our cost structure also stays linear as the network expands and more monitored nodes are added to the SIEM. Our Network Intrusion Detection System (IDS) works in synergy with the platform to alert on malicious activity that may harm your network.

When it comes to the critical task of event correlation, our story gets even better. Through years of real-world security experience, we have developed and implemented 56 separate detection algorithms that help separate real security threats from false positives. In one customer's case, this resulted in a 100X higher "confirmed kill rate" and a 10X reduction in security analyst workload compared with a larger competitor's product. Pinpoint accuracy and rapid threat detection give carriers the ability to offer a range of revenue-generating managed security SLAs.

So don't just take our word for it. Find out for yourself how our industry-leading correlation, intuitive user interface, and scalability can keep your customers' networks secure while significantly lowering both CAPEX and OPEX.


SPECIFICATIONS

+ Key Features

- Alert reduction, ticket reduction
- Improved security analyst effectiveness
- Improved incident response time and reconciliation
- Advanced data replication and segregation
- Improved security posture awareness
- Infrastructure behavior trending
- Network Intrusion Prevention
- Network Intrusion Detection
- High system availability with fault-tolerant architecture
- Linear pricing as the number of monitored devices increases
- No third party software licensing fees

+ Core Capabilities

- Receives Syslog events
- Receives and supports SNMP
- Receives and supports Check Point LEA (OPSEC Log Export API)
- Archives pre-filtered events
- Filters out non-security-related events
- Generates reports
- Generates alerts
- Generates alerts based on historical trends
- Easily create customized alert signatures
- Correlate events from one or more devices into a single alert
- Advanced data replication and segregation
- Works with VPNs
- Local redundancy and load balancing for reliability

+ Service Components

- Sentinel, models 1200, 1408, and 2412
- Gateway
- Database
- Intelligent Correlation Engine (ICE)
- Security Portal
- Customer Relationship Management

+ Supported Security Devices

- Cisco ISR, ASA, and PIX series
- ISS Proventia
- Fortinet
- Check Point VPN-1 Pro and VPN-1 Edge series, FireWall-1 Express
- Juniper NetScreen
- ISS RealSecure

+ Security Console (Dashboard) Tracking Components

- Service Metrics
- Alert Conditions
- Security News
- Unresolved Problem Ticket Status
- Change Request Status
- IDS Device Status
- Message and Ticket Volume Trends
- Top Sources
- Top Countries

+ System Administration

- Fine-grained security policy
- Multi-layer user administration (4 levels)
- Built-in two-factor, token-based authentication
- User customizable dashboards

+ IDP/S Report Types

- Executive summary report
- Weekly service summary report
- Top signature classification report
- Top attacking source IPs report
- Top attacked destination IPs report
- Top attacked ports/services report
- Security analyst summary report
- Compliance reporting

+ Server Platform

- Runs on industry-standard x86 ("Wintel") server hardware
- Available as software for installation on customer-provided servers, blade servers, or VMware virtual machines
- Linux operating system with Java JRE 1.5 or later (note: JRE 1.5 reached end of public updates in 2009; confirm a currently supported JRE with the vendor before deployment)

+ Hardware Requirements

- Minimum dual-core 2.00 GHz processor
- 4 GB RAM
- 500 GB local storage
- Dual NICs (preferred)

+ API

- Communicate with external applications via JDBC, ODBC, Remedy API, etc.

+ Supported Web Browsers

- Microsoft Internet Explorer 7 and 8
- Mozilla Firefox 3 and 4

Capabilities

+ Pinpoint accuracy and rapid threat detection help customers identify and isolate security breaches as they happen

+ Open source database keeps pricing low as the number of monitored devices increases

+ Designed to handle extremely large volumes of firewall, IDS, UTM, and host event information

+ Infinite Horizontal Scalability™ makes it easy to increase system capacity and resiliency by adding servers in parallel

+ Software installs on industry-standard x86 ("Wintel") hardware on standalone and blade servers and VMware virtual machines

+ Extensive reporting capabilities including message and ticket volume trends

Benefits

+ Dramatically improved security and reduced threat exposure through early detection

+ Achieve compliance goals with the simplified tools of Secure IQ's Managed Security Services Platform

+ Affordable pricing structure in comparison with other SIEM solutions

+ Simplified training requirements and reduced staff levels with our intuitive dashboard user interface

+ Strong revenue generation for Managed Security Service Providers

+ Support for all major brands of network components, including firewalls, VPNs, and intrusion detection systems

+ High performance database responds rapidly under heavily loaded conditions

+ Various installation options, including on-premise, MSSP, and remote management

Download our NightOwl datasheet.

2017 Secure IQ. All Rights Reserved.