Friday, July 25, 2008

Phone: 800.840.6435 | Email: info@digitalstakeout.com

DigitalStakeout Threat Aware SIEM

Security is mission critical. Breaches can have serious, measurable consequences: lost revenue, downtime, damage to reputation, damage to IT assets, theft of proprietary or customer information, cleanup and restoration costs, and potential litigation costs. To reduce these risks, security organizations need the capability to act preemptively to protect the business and quickly identify and react to threats and attacks.

DigitalStakeout with Threat Aware™ is a security information and event management (SIEM) platform which:

  • Centralizes and stores security data from throughout the technology infrastructure (agentless and agent options) to improve security operations and information risk management from over 300 supported data sources
  • Enables you to automate log aggregation, correlation and analysis; recognize, investigate and respond to incidents automatically; and streamline incident tracking and handling
  • Provides unprecedented security posture awareness by correlating out-of-band real-time global threat intelligence with aggregated logs
  • Provides ready-to-go security operations framework with a NIST SP 800-61 incident detection methodology
  • Improves efficiency through operational integration by facilitating the flow of incident management data between security, network and systems management operations teams
  • Deepens understanding through comprehensive reporting, including on-the-fly data mining, historical reporting, self-auditing and tracking capabilities
  • Offers multiple deployment options to suit your environment thanks to a modular architecture that can adapt to – and grow with – your organization's security infrastructure
  • Provides a platform for offering multi-tenant managed security services, delivering reduced operational costs through automation and speedy implementation
Achieve Unparalleled Security Posture Awareness with Threat Aware™

There are millions of known malicious hosts on the Internet that your network should never successfully connect to. Can you validate whether your network is connecting successfully to any of them?

Breaking past the traditional context bound SIEM and static blacklists

DigitalStakeout Threat Aware™ is the security industry's first and only SIEM which incorporates real-time global threat intelligence data into its event correlation engine and vulnerability correlation engine providing unprecedented security posture awareness. DigitalStakeout Threat Aware™ is a patent pending threat detection correlation engine specifically designed to enforce security posture by detecting connections to and from your network to the most threatening hosts on the Internet.

DigitalStakeout's Threat Aware™ accesses a global constellation of threat data which collects millions of observations per day of suspicious or malicious behaviors on over 1 million unique IP addresses. Threat Aware™ classifies and correlates threat intelligence with normalized logs to identify, in real time, source and destination connections to hosts and networks associated with spam, viruses, worms, denial of service attacks, open proxies, open relays, command & control botnets, IRC servers, Tor servers, and other behaviors indicative of malicious activity.

Improve efficiency through Operational Integration

DigitalStakeout SIEM addresses operational inefficiencies created as a result of siloed IT functions and organizations by facilitating the flow of incident management data between security, network and systems management operations teams. For example, DigitalStakeout SIEM integrates closely with enterprise network and system management products - including Netcool® event managers and dashboards, as well as Tivoli Enterprise Console® - and IT help-desk ticketing systems.

You can leverage these integrations to:

  • Ensure business and service assurance
  • Correlate security insights with information from the broader operations environment
  • Further facilitate incident remediation
Actionable Intelligence: Situational Awareness and Comprehensive Reporting

The on-the-fly data mining, historical reporting, self-auditing and tracking capabilities in DigitalStakeout’s SIEM provide critical components for understanding security trends. What's more, these reports help IT communicate relevant security information to other audiences, such as management and audit. 

Features include:

  • Standard and customizable report templates
  • An automated report scheduler
  • HTML, PDF and XML exporting of all graphs and charts
  • Self-auditing and tracking of all security activities

DigitalStakeout SIEM draws on information stored in a security event database to deliver historical reporting and trending on demand.

Deployment Options


DigitalStakeout SIEM Units & Specifications

DSIEMC-MSS832800

• Event Rate: Up to 5000 Correlated EPS w/ NIST 800-61 Rules & Asset Attribution
• Automatic Device Detection: Yes
• Agentless Aggregation: Yes
• Agent (Windows/ASCII/ODBC) Aggregation: Yes
• MSSP Report Pack: Yes
• Threat Aware Compatible: Yes
• Unlimited Threat Aware Queries: Yes
• ODBC Access: Yes
• Command Line Access: Yes
• Custom Script Upload: Yes
• 2U Chassis
• Processors: 2 X Intel QuadCore Processors
• Hotswap Storage: 900 GB RAID 10 Online & 1TB RAID 1 Offline
• 32 GB Memory
• Redundant 700W Power Supply


 

DSIEMC-E832800

• Event Rate: Up to 5000 Correlated EPS w/ NIST 800-61 Rules & Asset Attribution
• Automatic Device Detection: Yes
• Agentless Aggregation: Yes
• Agent (Windows/ASCII/ODBC) Aggregation: Yes
• Threat Aware Compatible: Yes
• Unlimited Threat Aware Queries: Yes
• ODBC Access: Yes
• Command Line Access: Yes
• Custom Script Upload: Yes
• 2U Chassis
• Processors: 2 X Intel QuadCore Processors
• Hotswap Storage: 900 GB RAID 10 Online & 1TB RAID 1 Offline
• 32 GB Memory
• Redundant 700W Power Supply


 

DSIEMC-E416800

• Event Rate: Up to 2500 Correlated EPS w/ NIST 800-61 Rules & Asset Attribution
• Automatic Device Detection: Yes
• Agentless Aggregation: Yes
• Agent (Windows/ASCII/ODBC) Aggregation: Yes
• Threat Aware Compatible: Yes
• Unlimited Threat Aware Queries: Yes
• ODBC Access: Yes
• Command Line Access: Yes
• Custom Script Upload: Yes
• 2U Chassis
• Processors: 1 X Intel QuadCore Processor
• Hotswap Storage: 900 GB RAID 10 Online & 1TB RAID 1 Offline
• 16 GB Memory
• Redundant 700W Power Supply


 

Modular Architecture: DSIEM-MC Series

DigitalStakeout SIEM features a modular architecture that can adapt to - and grow with - your organization's security infrastructure. Each of the components - the event aggregation module that collects and normalizes data, the central management server that performs advanced analysis and correlation, and the database that stores historical information - can be distributed on separate hardware. An organization is able to deploy multiple event aggregation modules throughout the organization to scale and support higher volumes of event information or facilitate geographic distribution of system resources.

• Event Rate: Up to 15,000+ Correlated EPS w/ NIST 800-61 Rules & Asset Attribution
• Modular Components: Correlation, Aggregation, Database, Report Server

Datasheet

Download the re-thinking SIEM Data Sheet

Copyright 2008 DigitalStakeout LLC