ExaProtect Introduces Security Management Solution 2.7.2: Enhances Forensic Investigations of Secur

Latest version enriches event analysis with new ‘replay mode’, to assist in policy management and regulatory compliance

[ClickPress, Tue Jan 23 2007] ExaProtect, a leader in intelligent security management, has announced Security Management Solution (SMS) version 2.7.2. This latest release further extends and enhances SMS’ in-depth forensic analysis capabilities on security event and system logs with a new ‘replay’ mode.

Using the enhanced forensics capabilities of SMS 2.7.2, IT staff get a deeper insight when investigating security events, performing historic log analysis, or when assessing the effects of changes to security policies and rule sets.

With the replay wizard, users can choose start- and end-times from which to replay event logs, and can also import and correlate new data or log sources to supplement those stored in SMS. This includes information that was not originally logged and stored by SMS as part of normal event management.

For example, a log of external IP addresses from which hacking attempts on the network were launched can be imported and correlated with stored data. This will then highlight any new alerts generated from correlation of the additional data – helping IT staff to pinpoint the origins of attacks. Users can also replay existing events with new or altered correlation rules, for simulation or forensic purposes.

Jean-François Déchant, CEO of ExaProtect said, “This latest release further develops our “View and Do” approach to security management. The enhanced forensics capability gives senior IT staff a deeper insight into the causes of security events, and lets them simulate and investigate the effects of policy changes. This helps to ensure that the most effective action is taken quickly, to raise security levels and deal with threats.”

SMS 2.7.2 continues to monitor security and network events in real time while forensic analysis is done, and analysis can be performed either on- or off-box.

Its new forensic analysis features further extend the customer benefits introduced in version 2.7. The advanced taxonomy engine in SMS significantly reduces the volume of logged incidents, and eliminates false positives, enabling faster identification of significant security threats in real-time and minimising the business impact of any attack.

ExaProtect is the only security management vendor to deliver a holistic, intelligent security dashboard that combines security event management, security policy change management and real-time remediation. This unique “View and Do” approach simplifies customers’ overall security management, enhances threat response and maximises return on security investments.