Tivoli Security Operations Manager

• Централизованное выполнение действий по обеспечению безопасности для различных подразделений, технологий и процессов.
• Приведение мер по обеспечению безопасности в соответствие с ИТ-операциями и бизнес-приоритетами для максимального увеличения времени бесперебойной работы служб.
• Решение вопросов, касающихся соответствия законодательным требованиям и корпоративными политиками управления рисками.
• Сведение к минимуму времени, которое уходит на выявление и разрешение проблем, связанных с нарушением безопасности.

• Упрощенная и оптимизированная настройка и администрирование — удобство использования, обеспечивающее сокращение затрат времени и труда на развертывание и администрирование благодаря упрощенному, централизованному интерфейсу устройств и новой функции автоматического конфигурирования источника событий.
• Улучшенная инфраструктура механизма фильтрации и корреляции событий, обеспечивающая большую гибкость, расширенные возможности и высокую производительность.
• Расширенный пользовательский интерфейс информационной панели управления безопасностью с расширенными возможностями настройки и новой базой знаний по безопасности.
• Расширенные возможности регистрации происшествий и управления делопроизводством.
• Расширенный инструментарий для изучения хоста с целью идентификации и разрешения происшествий.
• Расширенная и обновленная поддержка платформ, включая DB2, AIX, а также полная поддержка глобализации и интернационализации.
• Интеграция с ПО Tivoli Compliance Insight Manager, обеспечивающая создание комплексного решения для управления информацией и событиями, относящимися к безопасности (SIEM).

• Модуль интеграции Remedy, который обеспечивал одностороннее перенаправление заявок в систему технической поддержки BMC Remedy Help Desk.
• Поддержка API-интерфейса SourceFire.
• Функция обеспечения высокой доступности для сервера централизованного управления (CMS).
• Поддержка MySQL в качестве внутреннего хранилища базы данных. Эта база данных была заменена продуктом IBM DB2 Enterprise Edition.

• быстро выявлять и устранять проблемы, связанные с нарушением безопасности;
• внедрять политики безопасности;
• проводить аудит и обеспечивать соответствие принятым нормам.

• автоматизировать объединение, корреляцию и анализ журналов;
• автоматически выявлять, определять причины и реагировать на проблемы, связанные с нарушением безопасности;
• совершенствовать методы, связанные с отслеживанием и обработкой событий;
• реализовывать и отслеживать выполнение политик;
• предоставлять отчеты по действиям, направленным на обеспечение соответствия принятым нормам.

Network and resource availability is absolutely critical to business and service assurance. But enterprises, federal agencies and service providers can lose millions of dollars per year as a result of worms and other types of malware that bring down corporate resources and customer-facing services. That's why information security is one of the top concerns of every CIO in any enterprise or carrier.

To maximize resource and service availability and protect customer information, today's information security teams must be able to:

The challenge is that each of these activities involves security data that resides throughout the organization. Enterprises and service providers need to be able to access and quickly analyze this disparate data - quickly and efficiently. In today's complex, multi-vendor environments, that means leveraging an automated, integrated solution.

Tivoli Security Operations Manager

In response to these challenges, turn to Tivoli® Security Operations Manager (TSOM) - a security information and event management (SIEM) platform designed to improve the effectiveness, efficiency and visibility of security operations and information risk management. By centralizing and storing security data from throughout the technology infrastructure, Tivoli Security Operations Manager enables you to:

Tivoli's Security Operations Manager automates many repetitive, time-intensive activities required for effective security operations. The result is an efficient, cost-effective approach to security operations.

Improve efficiency through operational integration

TSOM addresses operational inefficiencies experienced by siloed IT organizations by facilitating the flow of incident management data between security, network and systems management operations teams. For example, TSOM integrates closely with enterprise network and system management products - including Netcool® event managers and dashboards, as well as Tivoli Enterprise Console® - and IT help-desk ticketing systems. You can leverage these integrations to:

TSOM also integrates with Tivoli Identity Manager and Tivoli Access Manager to provide monitoring and oversight for customer's identity and access policies, ensuring that policies are enforced, and that potential misuse attempts are quickly detected and addressed.

Deepen understanding by using comprehensive reporting

The on-the-fly data mining, historical reporting, self-auditing and tracking capabilities in Tivoli Security Operations Manager provide critical components for understanding security trends. What's more, these reports help IT communicate relevant security information to other audiences, such as management and audit.

Features include:

Tivoli Security Operations Manager draws on information stored in a security event database to deliver historical reporting and trending on demand.

Select from multiple deployment options to suit your environment

Tivoli Security Operations Manager features a modular architecture that can adapt to - and grow with - your organization's security infrastructure. Each of the components - the event aggregation module that collects and normalizes data, the central management server that performs advanced analysis and correlation, and the database that stores historical information - can be distributed on separate hardware, or the components can be deployed together.

An organization might deploy multiple event aggregation modules throughout the organization to support higher volumes of event information or facilitate geographic distribution of system resources. For example, one customer uses 12 event aggregation modules for its geographically dispersed locations - enabling the company to distribute data collection and processing.

Similarly, the event aggregation modules can all send data to a single central management server, or an organization can use multiple servers to maximize availability - if one server is unavailable to an event aggregation module, it will instead forward the event to a secondary central management server.

Provide a platform for offering managed security services

In addition to serving as the critical IT security platform for midsize and large enterprises and carriers, Tivoli Security Operations Manager can also act as a strong, proven foundation for a highly profitable managed security services business. The same deployment options that make the software scalable and stable for any organization also enable Tivoli Security Operations Manager to meet the needs of a highly distributed services environment.

When used by managed security service providers, Tivoli Security Operations Manager helps:

Security breaches can have serious, measurable consequences: lost revenue, downtime, damage to reputation, damage to IT assets, theft of proprietary or customer information, cleanup and restoration costs, and potential litigation costs. To reduce these risks, security organizations need the capability to quickly identify and react to attacks.

Tivoli Security Operations Manager provides a holistic view of your security posture and the abilities to drill down and investigate attacks quickly. As a result, it is a valuable tool to help prevent intrusions and help maximize the security of your business.