Forensische onderzoeken en eventlogs
Eventlogs zijn belangrijk omdat u ze meestal als eerste raadpleegt wanneer er iets mis gaat; ze geven informatie over wat er op het netwerk is gebeurd. Het is echter vaak moeilijk om met logs een tijdlijn van problemen op te stellen. Logs leveren gefragmenteerde audittrajecten op, doordat elke computer op het netwerk een eigen beveiligingslog heeft. De kritieke gebeurtenis waarnaar u op zoek bent, is maar al te vaak verspreid over vele computers, waardoor het niet mogelijk is om de veiligheid van uw netwerk als geheel te analyseren. Bovendien kan er met lokaal opgeslagen logbestanden worden geknoeid, wat betekent dat de gegevens niet 100% tegen misbruik zijn beschermd.
GFI EventsManager™ lost dit probleem op door alle beveiligingsevents in één database te consolideren. Het product beschikt over diverse zoek- en analysemethoden, uitgebreide rapportagemogelijkheden en aanpasbare rapporten. Al deze informatie is direct bij de hand zonder dat u dure consultants hoeft in te huren om forensische onderzoeken uit te voeren. Met de uitgebreide diagnostische tools van GFI EventsManager kunt u gemakkelijk zelf in korte tijd forensische onderzoeken uitvoeren!
Waarom GFI EventsManager voor forensische en diagnostische onderzoeken?
- Bewaak kritieke beveiligingsevents op het gehele netwerk - detecteer aanvallen en kwaadwillende gebruikers
- Ontvangst van meldingen over kritieke events op Exchange-, ISA-, SQL- en IIS-servers
- Maak back-ups en wis eventlogs op het gehele netwerk, en archiveer eventlogs in een centrale database
- U hebt geen clientsoftware of agents nodig.
Verdere informatie
Onderscheidingen en recensies
Previous
Next
-
-
One to consider for almost any SIEM project
One to consider for almost any SIEM project
"GFI Software is one of the smaller vendors in the SIEM market. However, size doesn't matter if you build quality into a product like GFI has done with its GFI EventsManager 2012. All things considered, GFI EventsManager proves to be very apt at what it is designed for, managing events driven by the SIEM methodology. Strong reporting tools and an interactive GUI round out the product, making it one to consider for most any SIEM project" – SC Magazine, April 2012
-
InfoWorld reviews GFI EventsManager
InfoWorld reviews GFI EventsManager
"GFI EventsManager Report Pack comes with dozens of predefined reports (mostly Windows-related), each of which can be edited or used to make new reports." - InfoWorld
-
GFI EventsManager - 'built the right way for the right job at the right time'
GFI EventsManager - 'built the right way for the right job at the right time'
GFI EventManager is a very efficient and effective...
GFI EventsManager - 'built the right way for the right job at the right time'
GFI EventManager is a very efficient and effective log and event management tool which covers most of the daily security monitoring activities - Dragos Lungu
-
One to consider for almost any SIEM project
-
-
GFI EventsManager awarded Community Choice Award
GFI EventsManager awarded Community Choice Award
GFI EventsManager and GFI Network ServerMonitor we...
GFI EventsManager awarded Community Choice Award
GFI EventsManager and GFI Network ServerMonitor were named winners of the "Community Choice Awards", and GFI EndPointSecurity was awarded Best Security Product - Community Choice by Penton Media's Windows IT Pro magazine - Windows IT Pro
-
Editor’s Choice
Editor’s Choice
In a comparative review in of log management products in WindowsIT Pro, the magazine gives GFI EventsManager 4.5 marks out of 5 for both its ease of implementation and ease of use. The reviewer recommends GFI EventsManager for anyone “whose log management needs are limited to Windows Events logs, syslog output and W3C log file information”. - Windows IT Pro
-
An excellent tool
An excellent tool
In a review on firewall.cx, Alan Drury describes GFI EventsManager 7 as an excellent tool that will “make your life easier and help keep both you and your systems out of trouble” and rates it 9 of out 10. He said the product enables you to collect and archive event logs across an organisation, but “there’s so much more to it than that”. He highlights GFI EventsManager’s ability to run external scripts and adds that “customisation is one of the real keys to this product”. Although GFI EventsManager 7 may be a little on the slow side at startup, “this is a testimony to the fact that the product is doing a lot of work on your behalf and, to get the best from it, you really should give it a decent system to run on. The benefits you’ll gain will more than make up for the investment. Overall, this is an excellent tool that will.” - Firewall.cx
-
GFI EventsManager awarded Community Choice Award
-
-
Nice package with clear business benefits
Nice package with clear business benefits
GFI EventsManager “is a very nice package with clear business benefits” according to a review in ITpro.co.uk by Ian Murphy. Giving the product four stars out of a maximum six, the author highlights the product’s relative easy to install, well-written documentation and other features that help the administrator during the installation and configuration process. - ITpro.co.uk
-
Nice package with clear business benefits