Real Time Event Correlation and Analysis
ThreatVision™ provides a state-of-the-art correlation and analysis engine that filters incoming data down to the relevant information, providing threat alerts without data overload. The ThreatVision™ solution can correlate security events across a variety of security devices and their alert formats, including CheckPoint, Cisco, ISS, Nokia, Snort and SonicWALL. Real-time event aggregation, correlation and analysis enable administrators to gather intelligence across multiple devices and quickly spot abnormal behavior. This reduces the effort security analysts need to identify threats, giving them time for more sophisticated intrusion investigation and policy management.
Unique Abnormal Behavior Detection
Abnormal behavior detection is a new frontier in the threat management solution space. ThreatVision™ profiles a customer network and builds a security 'baseline' used to detect any behavior that does not conform to the known 'good' behavior. Deviation from the 'baseline' is continually tracked by the ThreatVision™ Analysis and Correlation Engine (ACE) to detect an attack or misuse. Examples include detection of excessive use on port 80 or detection of use at unusual hours. The benefit of this approach is that it can detect anomalies without having to understand their underlying cause. It also provides detection when a signature-based IDS misses a new type of attack.
Increased Accuracy with Profiling Templates
The attack threshold templates included with the system were developed in live customer environments across hundreds of security devices. This proven model enables rapid tuning of the ThreatVision™ solution and helps reduce false positives.
Customizable Agent
Since each network has unique data collection policies and procedures, ThreatVision™ has built an extremely flexible and user-friendly customizable agent interface. With the customizable agent, a wide variety of security and network devices can be integrated into the ThreatVision™ infrastructure.
Filtering
ThreatVision™ allows the user to set conditions by which data is filtered, which helps reduce large volumes of unwanted data.
Real-Time Console View
ThreatVision™ Management Console provides a unique unified view of the security events across the enterprise.
Rapid Deployment
ThreatVision™ deployment does not require special hardware sensors or software to be loaded on customer systems. Implementation requires a simple configuration change on the security devices.
ThreatVision™ Supported Applications and Platforms
Platforms

IDS - Network Based
ISS RealSecure v6.5, v7.0
Snort v1.7, 1.8.1, 2.0

Router
Cisco 1700 series and above
IOS v11.x, v12.x and above

Firewall
CheckPoint Firewall-1 v4.1, NG
Cisco PIX v5.x and above
Nokia IP110 series and above
SonicWALL

Operating System Logs (Syslog)
Sun Solaris
Hewlett-Packard HP-UX
Red Hat Linux
Windows NT/2000/XP

VPN
CheckPoint VPN-1 v4.1, NG
Cisco Concentrators

Fault-Monitoring Systems
HP OpenView
WhatsUp Gold

Management Consoles
CheckPoint Provider-1/SiteManager
SonicWALL - SGMS