Indagini legali e log degli eventi
I registri (c.d. log) degli eventi rappresentano la prima linea d'indagine in caso di problemi, poiché forniscono una cronologia degli eventi. Tuttavia, è spesso difficile ricostruire la successione temporale degli errori solo usando log. Dato che ogni computer della rete ha i propri log di sicurezza, spesso si rimane "in panne" con registrazioni di controllo (c.d. audit trail) frammentarie. L'attività critica che si ha bisogno di trovare è troppo spesso disseminata tra decine di computer. Non c'è modo di visualizzare e analizzare l'attività di protezione della rete nel suo complesso. Siccome i file di registri degli eventi archiviati a livello locale possono essere manomessi, neanche questa audit trail è sicura.
GFI EventsManager™ risolve i problemi consolidando tutti gli eventi di sicurezza in un unico database. Fornisce una gamma di strumenti di ricerca e approfondimento (drill down) e capacità di creazione di rapporti completi e/o personalizzabili. Tutte queste informazioni sono disponibili immediatamente, senza dover ricorrere a consulenti che eseguano costose indagini. Con la vasta gamma di strumenti diagnostici di GFI EventsManager, è possibile realizzare con facilità indagini legali in sede, risparmiando tempo e denaro.
Motivi per utilizzare GFI EventsManager per effettuare indagini legali e diagnostiche
- Controlli finalizzati alla ricerca di eventi di sicurezza critici a livello di rete, come il rilevamento di attacchi e l'individuazione di utenti della rete pericolosi
- Ricezione di avvisi relativi a eventi critici occorsi sui server Exchange, ISA, SQL e IIS
- Back-up e rimozione dei log degli eventi a livello di rete e archiviazione su un database centrale
- Nessun bisogno di software o agenti client.
Passaggi successivi
Premi e recensioni
Previous
Next
-
-
One to consider for almost any SIEM project
One to consider for almost any SIEM project
"GFI Software is one of the smaller vendors in the SIEM market. However, size doesn't matter if you build quality into a product like GFI has done with its GFI EventsManager 2012. All things considered, GFI EventsManager proves to be very apt at what it is designed for, managing events driven by the SIEM methodology. Strong reporting tools and an interactive GUI round out the product, making it one to consider for most any SIEM project" – SC Magazine, April 2012
-
InfoWorld reviews GFI EventsManager
InfoWorld reviews GFI EventsManager
"GFI EventsManager Report Pack comes with dozens of predefined reports (mostly Windows-related), each of which can be edited or used to make new reports." - InfoWorld
-
GFI EventsManager - 'built the right way for the right job at the right time'
GFI EventsManager - 'built the right way for the right job at the right time'
GFI EventManager is a very efficient and effective...
GFI EventsManager - 'built the right way for the right job at the right time'
GFI EventManager is a very efficient and effective log and event management tool which covers most of the daily security monitoring activities - Dragos Lungu
-
One to consider for almost any SIEM project
-
-
GFI EventsManager awarded Community Choice Award
GFI EventsManager awarded Community Choice Award
GFI EventsManager and GFI Network ServerMonitor we...
GFI EventsManager awarded Community Choice Award
GFI EventsManager and GFI Network ServerMonitor were named winners of the "Community Choice Awards", and GFI EndPointSecurity was awarded Best Security Product - Community Choice by Penton Media's Windows IT Pro magazine - Windows IT Pro
-
Editor’s Choice
Editor’s Choice
In a comparative review in of log management products in WindowsIT Pro, the magazine gives GFI EventsManager 4.5 marks out of 5 for both its ease of implementation and ease of use. The reviewer recommends GFI EventsManager for anyone “whose log management needs are limited to Windows Events logs, syslog output and W3C log file information”. - Windows IT Pro
-
An excellent tool
An excellent tool
In a review on firewall.cx, Alan Drury describes GFI EventsManager 7 as an excellent tool that will “make your life easier and help keep both you and your systems out of trouble” and rates it 9 of out 10. He said the product enables you to collect and archive event logs across an organisation, but “there’s so much more to it than that”. He highlights GFI EventsManager’s ability to run external scripts and adds that “customisation is one of the real keys to this product”. Although GFI EventsManager 7 may be a little on the slow side at startup, “this is a testimony to the fact that the product is doing a lot of work on your behalf and, to get the best from it, you really should give it a decent system to run on. The benefits you’ll gain will more than make up for the investment. Overall, this is an excellent tool that will.” - Firewall.cx
-
GFI EventsManager awarded Community Choice Award
-
-
Nice package with clear business benefits
Nice package with clear business benefits
GFI EventsManager “is a very nice package with clear business benefits” according to a review in ITpro.co.uk by Ian Murphy. Giving the product four stars out of a maximum six, the author highlights the product’s relative easy to install, well-written documentation and other features that help the administrator during the installation and configuration process. - ITpro.co.uk
-
Nice package with clear business benefits