Check Point SmartEvent

SmartEvent provides several security event management real-time views to help you quickly grasp your security situation and act based on what you see, all via a single console. The timeline view enables you to see trends and the propagation of attacks. The charts view provides event statistics in either a pie chart or a bar graph format. The maps view allows you identify potential threats by country.

SmartEvent provides centralized event correlation management for all Check Point products as well as third-party devices. Administrators can quickly identify critical security events, stop threats directly from the event screen and add protections on-the-fly to remediate attacks, all via a single console. The same interface enables you to deal with auditing and reporting to achieve unified compliance reporting and simplify network security management.

Focus on What is Important

See How Event Data Differs Over Time

Quickly Indentify Potential Threats by Country

SmartEvent provides various tools to help you conduct quick security event analysis and simplify network security management. Events can be dynamically filtered, searched, sorted and grouped to quickly understand your network security status. Based on what you see, you can stop attacks straight from the event screen. Remediate attacks by adding protections on-the-fly. Block malicious traffic from rogue nations with geo-protection.

Blovk Malicious Traffic from Rogue Nations

For easy integration, the SmartEvent Software Blade supports both Check Point security management and multi-domain security management environments, eliminating the need to configure each device separately for log collection and analysis. All objects defined in security management or multi-domain security management (Provider-1) are automatically accessed and used by the SmartEvent server for event policy definition and enforcement.

The SmartEvent Software Blade delivers a flexible, scalable platform capable of managing millions of logs per day per correlation. Through its distributed architecture, SmartEvent can be installed on a single server but has the flexibility to spread its processing load across multiple event correlation units.

The SmartEvent Software Blade provides a large number of predefined, but easily customizable, security events for quick deployment. IT security administrators can easily create their own events using a wizard for their particular needs.

The SmartEvent Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways (Check Point appliances including UTM-1, Power-1, IP Appliances and IAS Appliances, or open server platforms) saving time and reducing costs by leveraging existing security infrastructure.

In addition, a dedicated, plug-and-play Smart-1 SmartEvent appliance is available.

Data Sources
Built-in Integration to Check Point Products	See real-time information, trends and anomalies at a glance with security events displayed graphically to clearly represent the number, time and severity of the events
Supported Products	Multiple Check Point and third-party devices
Graphical Log Parser	Graphical log-parser to manually parse and ready any third-party log file
Multiple Log Collection Methods	Agent-based and agent-less log collection capabilities
Visibility
Timelines Views	See real-time information, trends and anomalies at a glance with security events displayed graphically to clearly represent the number, time and severity of the events
Chart Views	View events statistics in bar charts or pie graphs
Maps	Geo-locate event source or destination IP on a map
Events Quick-Views	Immediate event grouping by top event type, event source, destination, user, country
Security Event Analysis
Predefined Security Events and Best-practice Event Correlation Management Rules	Predefined events and correlation rules for industry-common security concerns based on Check Point best practice
Customized Security Events	Custom build event correlation rules to monitor any security event
Forensics	Drill down to event information by double-clicking on timelines, charts or maps; rapid data drilldown up to packet level
Events Grouping & Search	Easy-to-use search and data grouping for event analysis
Identity Logging	Map IP address to user name based on Active Directory
ClientInfo Application	Get full machine information (processes, hotfixes and vulnerability indications) for any device by right-clicking on device IP
Intelligent Learning Mode	Baselines activity to discover normal trends
Vulnerability Assessment for Security Events	Built-in vulnerability assessment of applicable security events
Actionable Security
Event Ticketing	Assign events to administrators with ticketing workflow
Global and Event Specific Exceptions	Customize alerts to exclude events by product, source, destination and service
Actionable Security	Automatically or manually deal with a security event and change security policy based on event analysis
Other
Scalable Distributed Architecture	Log server, event correlation server and event server can be deployed on separate systems
Turn-key Appliance-based Solution	Appliance-based solution for easy deployment
Internet Protocol Versions	IPv6 and IPv4
Packaging
Full SmartEvent	Centralized, real-time security event correlation management for all Check Point products and third-party devices
SmartEvent Intro	Centralized, real-time security event correlation management for a single Check Point security Software Blade