Solve for DCS - Northstar · 2020. 1. 23. · Reporting Comparison: SOLVE vs. DCS Reporting...



ACTIONABLE VISUALIZATIONS AND REPORTING

SOLVE for DCS Features:

• Easily track agent upgrades with the agent version distribution dashboard

• Easily track policy distribution

• Monitor DCS agents and server health

• Report on DCS audit data to track changes made to settings in the DCS console

• Create robust interactive visualizations for detection events by rule names and perform extensive drill-downs into all available categories recorded by the event

• Prevention and detection event tuning

• Baselines, KPIs and metrics are at your fingertips with SOLVE so you can delve into what the data is telling you in real-time

A complement to your existing Symantec Data Center Security (DCS) infrastructure, SOLVE - the Simple OnLine Visualization Engine is a data visualization, reporting, analytics and tuning platform that connects directly to your DCS environment.

[Figure: File Events Tuning. Chart of Total Events by Policy Name (Base Prevention), grouped by Process Set (cust_eventlogs..., cust_unauthori..., default_ps). Drill-down shown: Top > cust_unauthorizedapps_ps\Base Prevention Policy (PD), with levels Process Set > Event Type > Description > Event Type Details > Process Path > User Name > Device Name. Sample rows list file read and write attempts and their file paths.]

[Figure: Network Events Tuning. Chart of Total Events by Policy Name (Base Prevention), grouped by OS Type (Windows). Drill-down shown: Top > Windows\Base Prevention policy (PE), with levels Process Set > Event Type > Description > Event Type Details > Process Path > User Name > Device Name. Sample rows list "Outbound TCP Connect to Remote Port 8080" events and their destination addresses.]

The key to fully understanding the data generated by DCS is having the ability to consume and visualize the data.

SOLVE opens the data structure in DCS and presents administrators with a highly customizable and user-friendly web UI that allows them to quickly and easily tailor the view and presentation of dashboards.

Armed with the ability to perform extensive drill-down views for thorough investigation into events of interest with granular detail, administrators can rapidly generate actionable reports, improving time to remediation.

How can security administrators quickly and thoroughly address the need to update DCS security policies without knowing what devices and software are being used in their environment?

With SOLVE for DCS, you can see all of your assets, policies, and their relevant events globally, in a single dashboard.

SOLVE provides comprehensive real-time visibility across the environment to identify and inventory assets giving you the actionable intelligence you need to improve your security posture.


Reporting Comparison: SOLVE vs. DCS Reporting

REPORTING FEATURE

Basic DCS Reporting: Agent Health, Server Health, Event Trending, Process Blocking

Basic Report Customization: Trending, Basic Sort & Filter, SQL Query

Data Export: DCS Reports: DCS Events: CSV; SOLVE: JPG, PDF, HTML, XLS, CSV

Advanced Reports: i.e. multiple drilldowns, advanced SQL, custom dashboard layouts, many chart types, role/group-targeted reports

Advanced Report Customization: i.e. advanced filters, shared filters, customizable data fields, ad-hoc reporting, dashboard customization, KPIs

Advanced Report Export/Import Options: Import: export/import report templates, share & compare with community, choose export columns

Report on ALL DCS SEP Databases at Once: seamless, consolidated reports from all DCS DBs/Environments or a subset thereof

Single pane of glass: Can view reports/charts/data from other IT products & tools including Symantec's CSP/DLP/CCS side-by-side with SEP reports

Scheduled Report Delivery: DCS: SOLVE: Email or Folder, PDF, XLS, CSV

Search: SEP: One data point at a time, i.e. agent, File, Network, Registry events, Logs, etc.; SOLVE: ALL SEP data pertaining to the agent is visible in a tabbed view

Columns compared: SOLVE, DCS MANAGER

Legend: FULL Functionality, PARTIAL Functionality

516 N. Ogden Ave, Suite 115, Chicago, IL 60642

Give us a call: 312.421.3270

For more info, visit us at: www.conventus.com

INTEGRATE AND AUTOMATE

SOLVE is unique in its ability to report because it connects directly to your DCS database, eliminating the need to copy data and install new hardware.

SOLVE for DCS also delivers powerful automation capabilities to streamline workflows so you can maintain efficiency.