Most operating systems and network devices include complete functionality for capturing security events, but provide little or nothing in the way of analysis, archiving, and real-time monitoring capabilities.
Cryptic event descriptions compound the problem, as does the fact that each managed device maintains a separate security log. Yet to comply with the Security Standards employed in today's networked business environment, it is essential to track security activity and to respond immediately to intrusion attempts.
netPrefect™ monitors both In-Band and Out-of-Band access to managed devices, collecting user access and security information in real time, and using netPrefect's token replacement feature, unintelligible ASCII text messages can be transformed into meaningful events with appropriate additional contextual information.
The netPrefect™ rules wizard makes it simple to create reusable rules, which filter console data and trigger events when specific criteria is met, or patterns matched. These rules can be applied to multiple systems, or system groups, reducing the amount of time required to configure the system, and also ensuring that the same security standards are applied to all systems, across the entire enterprise.
netPrefect™ uses advanced algorithms to filter out the background noise, and create events based on simple-to-create rules and pattern matching, which eliminates false positives in the alert process.
Event detection can be restricted to specific times of the day.
On generation, events are given a state (Open or Closed) and can be enhanced with extra items from the originating source data and tagged as statistical data for use when reporting.
netPrefect™ can also automatically clear or raise events after a predetermined time.
netPrefect™ converts all captured data from its native format to plain text. This allows events to be detected easily, by specifying the unique text pattern that identifies them. Text patterns can be defined as: