OPSEC Partners
Intellitactics, Inc.
Product Version Certified:
Intellitactics Linux LEA Agent v3.1.3 for use with Security Manager & Intellitactics SAM
Certified For Use With:
Check Point NG, NG AI, and NGX
Product Description: Intellitactics provides comprehensive enterprise security management solutions for organizations that need to manage compliance with regulatory standards and to automate proactive security operations that monitor and respond to threats and attacks in real time. This real-time element increases effectiveness, reduces cost, and adapts quickly to changes in standards or policy. Security Manager consolidates and correlates data from any number of security devices, networks, operating systems, databases, and applications without customization. Intellitactics also applies a consistent set of controls drawn from best-practice frameworks such as ISO and NIST, and then monitors control performance. Simple to deploy on one server, in a central security operations center, or where operations are distributed across the country or around the world, Security Manager supports real-time alerting, incident management and reporting.
Company Description: Intellitactics provides the premier enterprise security management solution used by security analysts, security operations, and corporate risk officers in the largest, most challenging environments in the Global 3000 and in mission-sensitive government agencies. Its industry-leading Intellitactics™ Security Manager is a balanced real-time event, alert and incident manager combined with an advanced reporting system used for decision support and for preparing compliance audit responses. Security Manager is a comprehensive solution that dramatically reduces exposure to cyber crime and minimizes the costs associated with incident resolution and recovery. Intellitactics™ SAM features practical security assurance metrics™ and is the industry's first dashboard displaying metrics that measure security value. Founded in 1996, Intellitactics is backed by JMI Equity Fund LP and Lazard Technology Partners, and is ranked by well-known industry analysts as a market leader known for innovative solutions and a commitment to customer success.
Key Features and Benefits
Alert Scoring Methodology
- Intellitactics applies a nine-factor risk score, computed automatically and used to rank alerts to focus precious analyst minutes on alerts with the greatest impact.
- Ranking alerts by the risk they pose to the business, or by their impact on an organization’s ability to comply with any of the regulatory standards, improves effectiveness and results. Prompt attention to high-impact alerts reduces disruption, limits risk and reduces the cost of recovering from unchecked attacks.
Product Architecture
- Intellitactics offers unparalleled scaling based on its flexible, hierarchical architecture. All of the Intellitactics services and product components can be deployed on one server or multiple servers to accommodate any enterprise configuration, with no change in the functionality available to the users.
- Includes the Security Data Warehouse (SDW), a secure multi-dimensional data store that combines compressed stores for raw events (logs) and parsed events with an optimized MySQL relational database holding monitored and analyzed security event data. This robust architecture is completely transparent to the user.
- Intellitactics supports multiple archiving techniques for longer-term, low-cost storage. The information in the SDW is a rich source of event, alert, and incident information, with a back-end store that meets local, regional and enterprise-wide storage requirements.
Control Monitoring and Reporting
- Ability to monitor and report on control performance
- Analyzes security events against the controls selected to limit risk and maintain compliance; maps security events to controls from leading frameworks such as COBIT, ISO 17799, and NIST 800-53 (developed for the US federal government but increasingly adopted by commercial companies because of its explicit detail)
- Ships with a complete catalogue of meta-controls that automatically produce control alerts and over 200 pre-defined control reports
Intelligent Data Modules
- Provide the intelligence that translates cryptic vendor event messages into human-readable, usable information for analysis, alerting, correlation and reporting.
- A robust library of more than one hundred data modules is maintained by Intellitactics’ Security Information Services (SIS) team and is continuously expanded as vendors release new products, applications and product versions.
- Built to satisfy the requirements for performing escalations of events to alerts, correlations and reports.
Security Metrics
- Intellitactics delivers practical security assurance metrics on a configurable dashboard. These metrics, key performance indicators for security, help other managers understand how they can support the security strategy and what security provides to the organization. Metrics will:
  - Persuade people to change behavior and compel others to embrace new processes
  - Demonstrate organizational effectiveness and justify current and future security investments
  - Assess the effectiveness of controls and illustrate the state of compliance
OPSEC Integration
Intellitactics Security Manager securely acquires events from Check Point firewall and VPN systems using the LEA (Log Export API) protocol. All Check Point events are collected in real time, normalized, and taxonomized for use in Security Manager for analysis, alerting, and reporting, so that security teams can identify threats and attacks, and audit approved activity, within their environment.
Security events from the Check Point sources are analyzed by packaged, pre-configured correlations in Intellitactics Security Manager, which automatically escalate important events to alerts.
These alerts are then scored and ranked by combining details such as asset criticality and vulnerability status with the information provided by Check Point for prioritized display to analysts and operators for quick response. Security teams can also configure their own correlation definitions in Security Manager to meet in-house requirements specific to each site.
More than 20 web-accessible reports are also packaged with Intellitactics Security Manager that highlight Check Point events and alerts, including top sources, targets, and types of firewall and VPN activity (with a focus on critical assets). In addition, Security Manager provides a report wizard that security teams can use to copy or create reports to meet environment-specific needs for analysis and auditing. All of these reports can be run on demand, scheduled, and published to an access-controlled, web-accessible repository.
Additional Information
Intellitactics products feature a low total cost of ownership:
- Primarily agentless data collection places no additional burden on the system or network
- The Security Data Warehouse includes an embedded, optimized relational database that is self-managing and requires no DBA. In addition, cost-effective storage of compressed raw events and a high-performance database for reporting and alerting are easy on the storage budget.
- Product architecture grows as requirements in a security environment grow, such as when more data sources are added or as risk policies evolve.
- ISM also features ‘security know-how’ in packaged reports, metrics and correlations that decreases time to value.
- ISM architecture adapts to hierarchical implementations on a campus, across the country or around the world.
