Tuesday, August 5, 2014

Introduction to Trustwave SIEM solutions - Part 1

I was fortunate enough to use different Trustwave SIEM products in my current job. Even though I had never heard of Trustwave, my first impression was wow, this is such a polished user interface. Digging into the product's capabilities answered my question of why this is not the market leader.

The SIEM products were originally Intellitactics SAFE and were later acquired by Trustwave in order for them to enter the SIEM market. There are currently three flavours of the SIEM products. First, the SIEM LA appliances, which are log aggregators with no processing capabilities whatsoever; rather, they forward the logs upstream to other products with processing capabilities.

The second line is SIEM XL, or LP1 to LP5, which are log processor appliances that provide event parsing, dashboards, basic reports and alerts (notifications). The third member of the family is SIEM OE, which is software with advanced customization and correlation capabilities. The latest product is SIEM Enterprise, which is an appliance with the SIEM OE advanced features. For full hardware specifications of the appliances, you may refer to http://www.ireo.com/fileadmin/img/Fabricantes_y_productos/trustwave/siem/Trustwave-SIEM-Hardware_Specs.pdf

There are more than 200 log sources or devices supported by Trustwave, and you can review the full list on this page: https://www3.trustwave.com/siem-supported-devices. With support for this wide range of products, there is a slim chance that you would have an application or infrastructure solution that isn't supported. In addition, if you purchase support, you may request parser development for other data sources such as home-grown applications.

If you are serious about SIEM deployment, you would need SIEM OE or SIEM Enterprise and would need to build a SOC team to investigate the alerts from either. I'll walk you through the features and limitations of Trustwave as a SIEM vendor in the next posts, so stay tuned.
