SmartEvent Software Blade

Overview

The SmartEvent Software Blade turns security information into action with real-time security event correlation and management for Check Point security gateways and third-party devices. SmartEvent’s unified event analysis identifies critical security events from the clutter while correlating events across all security systems. Its automated aggregation and correlation of data not only minimizes the time spent analyzing log data but also isolates and prioritizes the real security threats.

With the SmartEvent Software Blade, security teams no longer need to comb through the mass of data generated by the devices in their environment. Instead, resources can now be deployed to focus on the threats that pose the greatest risk to their business.

Key Benefits

  • Quickly identify security events from the deluge of device logs
  • Translate security events into actionable intelligence
  • Reduce business risk by responding in real-time
  • Prioritize resources to address the most critical threats
  • Track event resolution with built-in ticketing
  • Easily install and deploy for low TCO
  • Generate increased value from current security investments

Turn Information Into Action


Features

More Visibility
SmartEvent provides several real-time views to help you quickly grasp your security situation and act based on what you see. The timeline view enables you to see trends and the propagation of attacks. The charts view provides event statistics in either a pie chart or a bar graph format. The maps view allows you to identify potential threats by country.

Focus on What is Important

See How Event Data Differs Over Time

Quickly Identify Potential Threats by Country

Faster Remediation
SmartEvent provides various tools to help you conduct quick event analysis. Events can be dynamically filtered, searched, sorted and grouped to quickly understand your network security status. Based on what you see, you can stop attacks straight from the event screen. Remediate attacks by adding protections on the fly. Block malicious traffic from rogue nations with Geo-Protection.

Block Malicious Traffic from Rogue Nations

Single, Unified Event Console
The SmartEvent Software Blade is the first and only unified event analysis and management solution that delivers actionable threat management. SmartEvent provides centralized event correlation and management for all Check Point products as well as third-party devices. The same interface enables you to deal with auditing and reporting to achieve unified compliance reporting.

Best Integration
The SmartEvent Software Blade interfaces with existing Security Management and Provider-1® log servers, eliminating the need to configure each device log server separately for log collection and analysis. All objects defined in Security Management or Provider-1 are automatically accessed and used by the SmartEvent server for event policy definition and enforcement.

Simple and Easy to Use
The SmartEvent blade provides a large number of predefined, but easily customizable, security events for quick deployment. IT security administrators can also easily create their own events using a wizard for their particular needs.

Scalable, Distributed Architecture
The SmartEvent Software Blade delivers a flexible, scalable platform capable of managing millions of logs per day per correlation. Through its distributed architecture, the SmartEvent blade can be installed on a single server but has the flexibility to spread its processing load across multiple correlation units.

Specifications

Features and descriptions, by category:

Data Sources

  • Built-in integration to Check Point products: Pre-defined integration to Check Point products with predefined event rules and best-practice event correlation logic.
  • Supported products: Multiple Check Point and 3rd party devices.
  • Graphical log parser: Graphical log parser to manually parse and ready any 3rd party log file.
  • Multiple log collection methods: Agent-based and agent-less log collection capabilities.

Visibility

  • Timeline views: See real-time information, trends and anomalies at a glance with security events displayed graphically to clearly represent the number, time and severity of the events.
  • Charts views: View event statistics in bar charts or pie graphs.
  • Maps: Geo-locate event source or destination IP on a map.
  • Events quick-views: Immediate event grouping by top event type, event source, destination, user, country.

Event Analysis

  • Pre-defined security events and best-practice event correlation rules: Pre-defined events and correlation rules for industry-common security concerns based on Check Point best practice.
  • Customized security events: Custom-build event correlation rules to monitor any security event.
  • Forensics: Drill down to event information by double-clicking on Timelines, Charts or Maps. Rapid data drilldown up to packet level.
  • Events grouping and search: Easy-to-use search and data grouping for event analysis.
  • Identity logging: Map IP address to user name based on Active Directory.
  • ClientInfo application: Get full machine information (processes, hotfixes and vulnerability indications) for any device by right-clicking on the device IP.
  • Intelligent learning mode: Baselines activity to discover normal trends.
  • Vulnerability assessment for security events: Built-in vulnerability assessment of applicable security events.

Actionable Security

  • Event ticketing: Assign events to administrators with ticketing workflow.
  • Global and event-specific exceptions: Customize alerts to exclude events by product, source, destination and service.
  • Actionable security: Automatic and manual reaction to deal with security events and change security policy based on event analysis.

Other

  • Scalable distributed architecture: Log server, event correlation server, and event server can be deployed on separate systems.
  • Turn-key appliance-based solution: Appliance-based solution for easy deployment.

Packaging

  • Full SmartEvent: Centralized, real-time security event correlation and management for all Check Point products and 3rd party devices.
  • SmartEvent Intro: Centralized, real-time security event correlation and management for a single Check Point Security blade.

*See the product manuals for more information

Support

Threats to the network are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Update service protects against emerging threats with critical hot software fixes, service packs, and major software upgrades.

Benefits

  • Ensures continuous security with access to critical hot fixes and service packs
  • Maximizes ROI and investment with access to major upgrades and enhancements
  • Increases security with the latest applications, features, and technologies

 
