
OPSEC Partners

IBM Tivoli Security Operations Manager

Product Version Certified: 3.1
Certified for use with: Check Point Next Generation with Application Intelligence

Product Description: IBM Tivoli Security Operations Manager is a solution that enables organizations to centrally manage security threats and incidents, and to monitor IT infrastructure controls to ensure system security and meet compliance objectives. The solution correlates security events from across network and security products, hosts, and applications to recognize security threats, respond with adaptive security measures, and manage the entire incident process through to resolution and remediation.

Company Description: About Tivoli software from IBM
Tivoli software from IBM helps organizations efficiently and effectively manage information technology (IT) resources, tasks and processes in order to meet ever-shifting business requirements and deliver flexible and responsive IT service management, while helping to reduce costs. The Tivoli portfolio spans software for security, compliance, storage, performance, availability, configuration, operations and IT lifecycle management, and is backed by world-class IBM services, support and research.
 
Key Features and Benefits

Features

  • Automate log aggregation, correlation and analysis across network and security products, hosts, and applications
  • Reduce the time it takes for incident recognition, investigation, management, and response through automation
  • Security Operations Dashboard, including the PowerGrid, a unique visualization and forensics display
  • Enable monitoring and enforcement of policy
  • Provide comprehensive operational and regulatory reporting for compliance efforts
  • Security

Benefits

  • Superior Incident Recognition - Offers superior incident recognition capabilities, analyzing event data using four complementary correlation techniques: Rule-based Correlation, Vulnerability Correlation, Statistical Correlation and Susceptibility Correlation. The ability to weight the importance of assets during the correlation process enables Tivoli Security Operations Manager to prioritize security activities based on the organization’s business priorities.
  • Understands and integrates with the IT Operations Environment - Designed with an understanding of the operational challenges that security and IT teams face, with built-in features to address these challenges that will not be found in other products. Security domains provide a distinct separation of data for environmental and organizational control, and the product can be administered using pervasive, granular role-based access. Also provides integration with other key Tivoli products, including Netcool Omnibus and Tivoli Enterprise Console (TEC).
  • Integrated Incident Investigation & Response - Drastically reduces the time it takes to handle attacks, misconfigurations, and misuse by tightly integrating investigation and response tools, as well as by facilitating the escalation and tracking process. In one managed security service provider’s security operations center, Netcool/NeuSecure reduced the average time spent investigating and responding to an attack from 1 hour to 6 minutes. This time to mitigation can mean the difference between stopping an attacker and suffering the consequences of a security breach.

OPSEC Integration

Tivoli Security Operations Manager is a SIM (Security Information and Event Management) product that aggregates and normalizes events from multiple sources and uses four different correlation techniques to determine which events are serious threats to your organization. Events are collected from multiple security devices, including Check Point firewalls, using the OPSEC LEA (Log Export API). Serious threats to the organization can be addressed by sending messages to your Check Point VPN-1 gateway to block malicious traffic using the OPSEC SAM (Suspicious Activity Monitoring) API.