

SIMCommander Correlation
SIMCommander uses hybrid correlation techniques to achieve a high accuracy rate in identifying true attacks. Hybrid correlation means a combination of correlation techniques, some of which run in real time while others use historical data. No single event correlation technique covers all scenarios and conditions; each technique is suited to detecting one or several scenarios. Hence, SIMCommander's hybrid correlation techniques increase scenario coverage and raise the probability of identifying a real attack by combining several correlation results.
SIMCommander Hybrid Correlation Techniques:
Statistical Correlation is the fundamental correlation method. It consolidates all incoming events that share the same Event ID and destination IP address, and every consolidated entry is given a severity for easy prioritization. Security administrators do not need to configure anything and can keep their eyes on one alert entry instead of thousands of entries for the same alert. They can also customize the threshold values to reduce false alarms and make security event monitoring and analysis easier.
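The consolidation described above, shown as an added example that is not SIMCommander code: events are grouped on (Event ID, destination IP), each group becomes one alert entry with a severity taken from a threshold ladder, and a minimum-count knob lets the operator suppress low-volume noise. The event tuple layout, the default thresholds and the severity labels are assumptions chosen for the illustration.

```python
"""Statistical correlation: consolidate raw events on (Event ID, destination IP),
count them, and assign a severity from a configurable threshold ladder.

Added illustration written for this page; it is not SIMCommander code.
The event tuple layout, the default thresholds and the severity labels are
assumptions chosen for the example.
"""
from dataclasses import dataclass, field

# Constructed sample feed: (timestamp, event_id, source_ip, destination_ip).
# Twelve hits of one signature against one host from three sources, three
# hits of the same signature against a second host, and one unrelated event.
SAMPLE_EVENTS = (
    [(t, "IDS-1001", f"198.51.100.{t % 3 + 1}", "192.0.2.10") for t in range(12)]
    + [(t + 12, "IDS-1001", "198.51.100.9", "192.0.2.11") for t in range(3)]
    + [(20, "IDS-2002", "203.0.113.5", "192.0.2.10")]
)

# Default severity ladder: (minimum event count, label), checked top down.
DEFAULT_THRESHOLDS = ((50, "high"), (10, "medium"), (1, "low"))


@dataclass
class Alert:
    """One consolidated alert entry standing in for many raw events."""
    event_id: str
    dst_ip: str
    count: int = 0
    sources: set = field(default_factory=set)
    first_seen: int = 0
    last_seen: int = 0


def consolidate(events):
    """Group events by (event_id, dst_ip); returns {key: Alert}."""
    buckets = {}
    for ts, event_id, src_ip, dst_ip in events:
        key = (event_id, dst_ip)
        alert = buckets.get(key)
        if alert is None:
            alert = buckets[key] = Alert(event_id, dst_ip, first_seen=ts)
        alert.count += 1
        alert.sources.add(src_ip)
        alert.last_seen = ts
    return buckets


def severity(count, thresholds=DEFAULT_THRESHOLDS):
    """Map an event count to a severity label using the threshold ladder."""
    for minimum, label in thresholds:
        if count >= minimum:
            return label
    return "info"


def prioritized_alerts(events, min_count=1, thresholds=DEFAULT_THRESHOLDS):
    """Consolidated alerts at or above min_count, most severe and most frequent first.

    Raising min_count is the operator's knob for suppressing low-volume noise.
    """
    ranked = []
    for alert in consolidate(events).values():
        if alert.count < min_count:
            continue
        ranked.append((severity(alert.count, thresholds), alert))
    order = {label: i for i, (_, label) in enumerate(thresholds)}
    ranked.sort(key=lambda pair: (order.get(pair[0], len(order)), -pair[1].count))
    return ranked


if __name__ == "__main__":
    for label, alert in prioritized_alerts(SAMPLE_EVENTS):
        print(f"{label:6} {alert.event_id} -> {alert.dst_ip}: {alert.count} events "
              f"from {len(alert.sources)} sources")
```

Sixteen raw events collapse to three alert entries; with `min_count=2` the single stray event disappears from the console entirely, which is the false-alarm reduction the paragraph refers to.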
Vulnerability Information Correlation works with the vulnerability information collected from a third-party vulnerability management (VM) system, using Common Vulnerabilities and Exposures (CVE) identifiers as the common key. It correlates that vulnerability information against the IDS/IPS alerts to give network administrators an accurate alert analysis together with the effects and impact an attack would have. This analysis helps security operators prioritize their work and is part of the incident handling process.
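The matching step described above, as an added example that is not SIMCommander code: each IDS/IPS alert carries the CVE identifiers its signature covers, the VM scan export lists the CVEs found open on each host, and the intersection decides whether the alert is confirmed against a vulnerable target, unlikely to succeed, or unknown because no scan data exists. The record layouts are assumptions, and every CVE identifier below is a constructed placeholder, not a real advisory.

```python
"""Vulnerability information correlation: match IDS/IPS alerts against the
CVE list a vulnerability-management scan reported for the target host.

Added illustration written for this page; it is not SIMCommander code.
The scan and alert record layouts are assumptions, and every CVE identifier
below is a constructed placeholder (CVE-0000-xxxx), not a real advisory.
"""

# Constructed VM scan export: host -> CVE identifiers found open on that host.
SCAN_RESULTS = {
    "192.0.2.10": {"CVE-0000-0001", "CVE-0000-0002"},
    "192.0.2.11": {"CVE-0000-0003"},
}

# Constructed IDS/IPS alerts: signature name, CVEs the signature covers, target.
IDS_ALERTS = [
    {"sig": "exploit attempt A", "cves": {"CVE-0000-0001"}, "dst_ip": "192.0.2.10"},
    {"sig": "exploit attempt B", "cves": {"CVE-0000-0003"}, "dst_ip": "192.0.2.10"},
    {"sig": "exploit attempt B", "cves": {"CVE-0000-0003"}, "dst_ip": "192.0.2.11"},
    {"sig": "recon scan", "cves": set(), "dst_ip": "192.0.2.12"},
]

# Assumed labels for the three outcomes of the correlation.
CONFIRMED, UNLIKELY, UNKNOWN = "confirmed", "unlikely", "unknown"


def correlate(alert, scan_results):
    """Return (verdict, matched_cves) for one alert.

    confirmed: the target was scanned and has at least one CVE the signature covers.
    unlikely : the target was scanned and has none of them (probable noise).
    unknown  : no scan data for the target, or the signature carries no CVE.
    """
    host_cves = scan_results.get(alert["dst_ip"])
    if host_cves is None or not alert["cves"]:
        return UNKNOWN, set()
    matched = alert["cves"] & host_cves
    return (CONFIRMED, matched) if matched else (UNLIKELY, set())


def prioritize(alerts, scan_results):
    """Annotate every alert with its verdict and put confirmed ones first.

    'unknown' ranks above 'unlikely': missing scan coverage is itself a finding
    an operator should look at, whereas a non-vulnerable target can wait.
    """
    annotated = []
    for alert in alerts:
        verdict, matched = correlate(alert, scan_results)
        annotated.append({**alert, "verdict": verdict, "matched": matched})
    rank = {CONFIRMED: 0, UNKNOWN: 1, UNLIKELY: 2}
    annotated.sort(key=lambda a: rank[a["verdict"]])
    return annotated


if __name__ == "__main__":
    for a in prioritize(IDS_ALERTS, SCAN_RESULTS):
        print(f"{a['verdict']:9} {a['sig']} -> {a['dst_ip']} {sorted(a['matched'])}")
```

The same signature fires twice in the sample, once against a host that has the matching CVE open and once against a host that does not; only the first is surfaced as confirmed, which is the prioritization the paragraph describes.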
Stateful Correlation is a powerful rule-based correlation engine that detects attack sequence patterns and gives the user more room for customization. It identifies real attacks by mapping the customer's pre-defined business assets to stateful rules. Each stateful rule contains the event conditions and thresholds needed to handle any infrastructure and security threat. When incoming events match the conditions of a policy rule, SIMCommander classifies the activity as a real attack and triggers an alert so that security administrators can respond efficiently and effectively.
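A minimal engine of the kind described above, as an added example that is not SIMCommander code: a rule is an ordered list of (event, threshold) stages, state is kept per (source, asset) pair, events against hosts outside the asset inventory are ignored, partial sequences expire after a time window, and an alert fires only when the last stage completes. The rule format, the event layout and the failed-logins-then-success sequence are assumptions chosen for the illustration.

```python
"""Stateful correlation: a rule-based engine that tracks a multi-step sequence
per (source, asset) and fires only when every stage's threshold is met against
a pre-defined business asset.

Added illustration written for this page; it is not SIMCommander code. The
rule format, event layout and the failed-logins-then-success sequence are
assumptions chosen for the example.
"""
from collections import defaultdict

# Constructed asset inventory: destination hosts that are business-critical.
CRITICAL_ASSETS = {"192.0.2.10": "finance-db"}

# One stateful rule: ordered (event_id, threshold) stages that must occur in
# order within `window` seconds for the same (src_ip, dst_ip) pair.
FAILS_THEN_SUCCESS = {
    "name": "repeated authentication failures followed by a successful login",
    "stages": [("AUTH-FAIL", 5), ("AUTH-OK", 1)],
    "window": 300,
}

# Constructed event stream: (timestamp, event_id, src_ip, dst_ip).
SAMPLE_EVENTS = (
    [(t, "AUTH-FAIL", "198.51.100.7", "192.0.2.10") for t in range(0, 50, 10)]  # 5 failures
    + [(60, "AUTH-OK", "198.51.100.7", "192.0.2.10")]                            # then success
    + [(t, "AUTH-FAIL", "198.51.100.8", "192.0.2.99") for t in range(0, 50, 10)]  # not an asset
    + [(70, "AUTH-OK", "198.51.100.8", "192.0.2.99")]
    + [(100, "AUTH-FAIL", "198.51.100.9", "192.0.2.10"),                         # below threshold
       (101, "AUTH-OK", "198.51.100.9", "192.0.2.10")]
)


class StatefulCorrelator:
    """Tracks progress through one rule's stages for every (src, asset) pair."""

    def __init__(self, rule, assets):
        self.rule = rule
        self.assets = assets
        # state[(src, dst)] = {"stage": index, "count": hits in stage, "start": ts}
        self.state = defaultdict(lambda: {"stage": 0, "count": 0, "start": None})
        self.alerts = []

    def feed(self, ts, event_id, src_ip, dst_ip):
        """Consume one event; return an alert dict when the sequence completes."""
        if dst_ip not in self.assets:          # only mapped business assets are tracked
            return None
        key = (src_ip, dst_ip)
        st = self.state[key]
        # Drop a partial sequence that has outlived the rule's window.
        if st["start"] is not None and ts - st["start"] > self.rule["window"]:
            st.update(stage=0, count=0, start=None)
        expected_event, threshold = self.rule["stages"][st["stage"]]
        if event_id != expected_event:         # not the event this stage is waiting for
            return None
        if st["start"] is None:
            st["start"] = ts
        st["count"] += 1
        if st["count"] < threshold:            # stage threshold not yet reached
            return None
        st["stage"] += 1                       # stage satisfied, move to the next one
        st["count"] = 0
        if st["stage"] < len(self.rule["stages"]):
            return None
        alert = {"rule": self.rule["name"], "src_ip": src_ip, "dst_ip": dst_ip,
                 "asset": self.assets[dst_ip], "ts": ts}
        self.state.pop(key)                    # sequence consumed; start fresh next time
        self.alerts.append(alert)
        return alert

    def run(self, events):
        """Feed events in timestamp order and return all alerts raised."""
        for event in sorted(events):
            self.feed(*event)
        return self.alerts


if __name__ == "__main__":
    for alert in StatefulCorrelator(FAILS_THEN_SUCCESS, CRITICAL_ASSETS).run(SAMPLE_EVENTS):
        print(f"ALERT {alert['rule']}: {alert['src_ip']} -> {alert['asset']} at t={alert['ts']}")
```

Of the three sources in the sample only one produces an alert: the second targets a host that is not a mapped asset, and the third logs in after a single failure, which never satisfies the first stage's threshold.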
Machine-learning Correlation is based on clustering technology, which groups related events from different types and brands of devices into a single incident. It helps security managers analyze the attack path and replay the incident to understand the order in which the events occurred. Security managers then only need to manage incidents instead of individual events.
Copyright © 2008 SIMCommander