OPSEC Partners
RSA enVision Platform
Product Version Certified: enVision v 3.3 for Windows
Certified For Use With: Check Point NG and NGX
Product Description: The RSA enVision Platform is a comprehensive suite of appliance solutions that collect event log data from security and network devices to create a complete picture of network usage, generate alerts for possible security breaches, and analyze and report on network performance.
Company Description: Over 900 customers of RSA enVision, including major global enterprises, have proven that there is no more comprehensive, scalable, or efficient way of transforming raw log data into actionable compliance and security intelligence.
The need to act swiftly and effectively on security challenges and compliance regulations has never been greater, yet expanding enterprise networks and growing data traffic produce exponentially increasing log volume. The RSA enVision platform provides efficient collection, analysis and management of "All the Data" from any IP device, in computing environments of any size, without filtering and without the need to deploy agents.
Key Features and Benefits
Effectively managing network and security events is considered a best-practice security policy, and for many companies it is a federally mandated requirement. The key to effective event management lies in the ability to capture and manage thousands of network events in real time, so that an organization can analyze a threat as it occurs and also refer back to the events historically. The enVision Platform allows companies to:
- Respond to threats in real-time
- Increase analytical capabilities
- Create a historical repository of events
- Monitor and report on inbound and outbound traffic
- Manage log files in a central repository
In addition, enVision automates a process that, when done manually, takes days or weeks to accomplish. Prior to deploying a logging appliance, administrators typically sift through thousands of log entries to pinpoint security events. enVision has the highest event collection rates in the industry and keeps pace with high-volume enterprise environments. The value of a plug-and-play solution is very tangible to CIOs because the return on investment to their organization includes:
- Reduced IT resources needed to manage security events
- Reduced costs from lost employee productivity
- Reduced costs from poor network performance
- Reduced costs from undetected and untracked network security events
OPSEC Integration
enVision collects logs from Check Point VPN-1 using the LEA (Log Export API) protocol. A simple user-interface configuration lets the user identify the Check Point management (log) server, establish a secured LEA session with it, and start collecting logs. enVision supports all the authentication methods available in LEA; in practice the certificate-based (sslca) methods should be used, since the clear method sends the complete log stream unencrypted. Once connected, enVision collects all the fields of every event sent through LEA, so users familiar with the Check Point SmartView Tracker application can be assured that any information they see there is also collected by enVision. More than 40 reports are available for VPN-1, covering the following areas:
- Security - Denied connections, Email security
- Connections - User authentications, Permitted connections
- Protocol utilization - FTP, HTTP, Telnet, Email
- Bandwidth utilization - By address, port, hour
- Audit - configuration changes by administrator, application, type
All events collected from Check Point can be fed into enVision's alerting and correlation engine. Simple alerts detect an abnormally high rate of a specific event type relative to normal behavior, for example a burst of denied connections from one source address. Correlated alerts detect more complicated patterns that require matching source and destination addresses and other payload fields across events from all devices on the network, for instance a source that is repeatedly dropped by one gateway and shortly afterwards accepted by another.
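The two alert types described above, as an added illustration that is not RSA enVision or Check Point code. The input is a constructed, simplified key=value rendering of firewall records using the field names SmartView Tracker shows (time, orig, action, src, dst, service, proto, rule); real LEA delivers these as field/value pairs through the OPSEC SDK rather than as text lines, so parse_events() merely stands in for the collector stage. The function names, threshold and window values are this example's own choices.

```python
"""Threshold and correlation alerting over Check Point firewall events.

Added example, not RSA enVision or Check Point code. Field names follow
what SmartView Tracker displays; the text format is a simplification of
what LEA actually delivers (field/value pairs via the OPSEC SDK).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 is dropped six times by fw-edge-1 while
# probing SSH across hosts, then accepted by a second gateway, fw-dmz-2.
# 198.51.100.9 is dropped only twice and must not trigger anything.
SAMPLE_LOG = """\
time=2024-05-01 10:00:00; orig=fw-edge-1; action=drop; src=203.0.113.7; dst=10.0.1.20; service=22; proto=tcp; rule=99
time=2024-05-01 10:00:01; orig=fw-edge-1; action=drop; src=203.0.113.7; dst=10.0.1.21; service=22; proto=tcp; rule=99
time=2024-05-01 10:00:02; orig=fw-edge-1; action=drop; src=203.0.113.7; dst=10.0.1.22; service=22; proto=tcp; rule=99
time=2024-05-01 10:00:03; orig=fw-edge-1; action=drop; src=203.0.113.7; dst=10.0.1.23; service=22; proto=tcp; rule=99
time=2024-05-01 10:00:04; orig=fw-edge-1; action=drop; src=203.0.113.7; dst=10.0.1.24; service=22; proto=tcp; rule=99
time=2024-05-01 10:00:05; orig=fw-edge-1; action=drop; src=203.0.113.7; dst=10.0.1.25; service=22; proto=tcp; rule=99
time=2024-05-01 10:00:09; orig=fw-dmz-2; action=accept; src=203.0.113.7; dst=10.0.2.5; service=22; proto=tcp; rule=12
time=2024-05-01 10:00:30; orig=fw-edge-1; action=drop; src=198.51.100.9; dst=10.0.1.20; service=443; proto=tcp; rule=99
time=2024-05-01 10:00:31; orig=fw-edge-1; action=drop; src=198.51.100.9; dst=10.0.1.21; service=443; proto=tcp; rule=99
time=2024-05-01 10:01:00; orig=fw-dmz-2; action=accept; src=192.0.2.10; dst=10.0.2.5; service=443; proto=tcp; rule=12
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_events(text):
    """Parse 'key=value; key=value' records into dicts, sorted by event time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = {}
        for field in line.split(";"):
            key, _, value = field.strip().partition("=")
            rec[key] = value
        rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
        events.append(rec)
    events.sort(key=lambda e: e["time"])
    return events


def threshold_alerts(events, threshold=5, window=timedelta(seconds=60)):
    """Simple alert: at least `threshold` drops from one src inside a sliding window.

    Fires once per source at the moment the threshold is crossed and records
    how many drops were in the window at that point.
    """
    recent = defaultdict(deque)   # src -> timestamps of recent drops
    alerted = set()
    alerts = []
    for ev in events:
        if ev["action"] != "drop":
            continue
        q = recent[ev["src"]]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:   # expire drops older than the window
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "count": len(q),
                           "first": q[0], "last": ev["time"]})
    return alerts


def correlate_scan_then_accept(events, threshold=5, window=timedelta(seconds=60)):
    """Correlated alert: a source that tripped the drop threshold is later
    accepted by any gateway within `window` of the threshold crossing.

    Matching on src across records with different `orig` values is what lets
    the rule span devices.
    """
    scans = {a["src"]: a for a in threshold_alerts(events, threshold, window)}
    hits = []
    for ev in events:
        if ev["action"] != "accept":
            continue
        scan = scans.get(ev["src"])
        if scan is None:
            continue
        if scan["last"] <= ev["time"] <= scan["last"] + window:
            hits.append({"src": ev["src"], "orig": ev["orig"], "dst": ev["dst"],
                         "service": ev["service"], "time": ev["time"],
                         "drops_before": scan["count"]})
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for a in threshold_alerts(evs):
        print("THRESHOLD", a)
    for h in correlate_scan_then_accept(evs):
        print("CORRELATED", h)
```

On the sample, the threshold rule fires once for 203.0.113.7 (on its fifth drop) and stays silent for 198.51.100.9; the correlation rule then flags the later accept of 203.0.113.7 on fw-dmz-2, which neither gateway's own log would reveal on its own. A real engine would key the window on the event's own timestamp exactly as here, since collection time can lag the gateway clock.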
