Intrusion Detection & Monitoring

Defending Against Web Application Attacks

 

Detect & Respond to Threats – From the Data Center to the Cloud

Protecting your infrastructure requires you to detect threats, identify suspicious network traffic, and respond quickly – whether the problem is in your own data center, a hosted environment or the cloud. How do you get a global view of the threats impacting all of your infrastructure, day or night, without massive investments in multiple solutions and additional staff?

 

SALIX Threat Manager with ActiveAlert Services gives you 24×7 network threat detection, monitored by SALIX’s Security Operations Center (SOC), for the entire IT environment. Our patented expert system, driven by global threat data, identifies potential problems for our analysts to investigate – acting as an extension of your team, day and night, keeping an eye on suspicious activity.

How Threat Manager works…

Threat Manager detects suspicious activity in network traffic and quickly identifies threats to your IT assets so that you can respond. We monitor network traffic and analyze billions of events with a patented expert system. Using intelligent multifactor correlation, we identify security events requiring attention. After validation by a Level 1 SOC analyst, we notify you with recommended actions/responses. When needed, senior specialist teams are engaged to assist you. You can also implement automated blocking through integration with your network firewalls.

 

We give you insight into the real threats in your environments, helping you make more informed security investment and resource decisions. When the security program is driven by a clear understanding of the real threats affecting your network, your efforts and investments will provide more benefit and significantly enhance your security posture.

SALIX helps you meet compliance challenges. Threat Manager’s intrusion detection and vulnerability scanning capabilities provide key elements to address the requirements of PCI DSS, HIPAA/HITECH, GLBA, Sarbanes-Oxley, and other mandates. Compliance-specific reporting makes it easy to evaluate and document your compliance stance. SALIX is a PCI-Approved Scanning Vendor (ASV).

 

You get these benefits without a large investment, staff burden or distractions from your strategic IT initiatives. Security-as-a-Service delivery gives you Threat Manager with ActiveAlert for a fixed monthly fee, including all monitoring, software and our 24×7 Security Operations Center (SOC) to validate incidents and provide support. You access your Threat Manager data through a web interface – the very same one used by our analysts. There’s no complex integration or implementation, no upgrades – just the latest security technology and the sharpest analysts, working for you 24 hours a day, 7 days a week.

The right security approach means better security outcomes…

 

SALIX’s approach is fundamentally different from traditional security vendors, who sell powerful technology that you need to implement and support – until it’s time to replace it. If you’ve ever seen complex implementation and large investment produce disappointing results, you know the challenges. With SALIX, you pay for specific security capabilities and our expertise in delivering them, and you don’t make a capital investment to get them. In the age of fast-changing threats and distributed infrastructure, Security-as-a-Service gives you the outcomes you need.

Threat Manager Deployment:


SALIX Security Research Team

 

SALIX’s security researchers provide the expertise and leading-edge threat intelligence that make Threat Manager so effective. Studying emerging threats, data from our global customer base, and third-party sources, the research team drives development of security content for Threat Manager’s expert system, correlation rules, and best practices for resolving incidents.

ActiveAlert: Expert Security Services for Threat Manager

 

The ActiveAlert team augments your existing IT team to ensure rapid detection and response to network incidents. In addition to monitoring the network traffic flows for incidents, the SOC team reviews suspicious network traffic to identify zero-day attacks that might not otherwise trigger an alert.

This intelligent review and response by industry professionals not only increases the overall visibility into your network, it reduces the potential for false positive alarms and helps identify zero-day attacks that may have slipped by or gone unnoticed.

When an incident or suspicious network activity is detected, the ActiveAlert team will conduct an analysis of the situation and notify your staff based on predetermined escalation procedures. They will work with your team to perform in-depth analysis and assessment of the incident and recommend containment and mitigation actions.

ActiveAlert also includes integrated incident and case management capabilities that allow customers to track and report on incident trends across their entire enterprise, including the services hosted outside of the internal perimeter. This capability provides an audit trail of suspicious findings and gives a historical record of the response and actions from start to finish.

ActiveAlert Integration Diagram

Additional services, including daily review by a senior security analyst, weekly reporting on security posture based on business goals, and review of NetFlow for enhanced detection of malware and advanced persistent threats, are also available.

THREAT MANAGER & ACTIVEALERT FEATURES: