Trustwave this week unveiled new security information and event management (SIEM) software designed to help businesses better defend against security threats that put sensitive data and operations at risk.
Dubbed Trustwave SIEM Enterprise, the solution combines advanced data correlation and threat intelligence with pre-configured rule- and role-based controls and reporting, Chicago-based Trustwave said.
The SIEM solution currently supports over 230 third-party devices, includes hundreds of pre-packaged security and compliance reports, and offers advanced threat correlation and intelligence feeds.
It seems no security intelligence solution these days can be marketed without tagging “big data” onto it, and Trustwave is no different. According to the company, Trustwave SIEM Enterprise packs “big data” processing power.
“Today’s security professionals are demanding more value and manageability out of SIEM,” said Leo Cole, General Manager of Security Solutions at Trustwave. “They need to advance from traditional log management to more sophisticated threat correlation, improved security intelligence and sustainable risk management, without the deployment and management complexity that often turns traditional SIEM tools into ‘shelf-ware.’”
According to Trustwave’s own 2013 Global Security Report, businesses took 210 days on average to detect an intrusion, while most victims relied on third parties, such as customers, law enforcement or regulatory bodies, to notify them a breach had occurred.
SIEM solutions and other network and event monitoring solutions can help organizations discover known and unknown threats such as malware and advanced persistent threats, as well as other threats including application flaws or insecure administrator or user practices.
SIEM Enterprise complements existing investments in Trustwave SIEM Log Management Appliances, working together to help simplify large and complex deployments, the company said.
Trustwave has continued to grow both organically, with new products developed internally, and through acquisitions. In March 2012, Trustwave acquired M86 Security, a provider of Web security and anti-malware solutions. Earlier this year Trustwave acquired SecureConnect, a privately-held managed security provider.
In March 2010, Trustwave acquired SIEM provider Intellitactics, which helped the company enter the SIEM market. Using technology gained from the acquisition, Trustwave created and launched a Managed SIEM service.
Trustwave also offers SIEM Log Management appliances for SMBs or those with limited SIEM needs. The company offers SIEM OE (Operations Edition) software, which is targeted at companies that want more customized and advanced threat correlation.
The correlation engine behind Trustwave SIEM Enterprise is based on the company’s Operations Edition engine, and can be configured to meet evolving needs over time. Correlation capabilities include Rule-, Vulnerability-, Statistical-, Historical-, Heuristic-, Threat-, Asset-, Behavior-, and Risk-based support.
“I think of SIEM OE like a ‘build your own security operations center’ software,” Cas Purdy, VP of Corporate Communications at Trustwave, told SecurityWeek.
“Trustwave SIEM Enterprise really sits in the middle,” Purdy said. “It’s for companies who want the advanced threat correlation, reporting, customization etc., but who may not have the staff or resources to fully customize the SIEM.”
In addition to its many commercial products and services, Trustwave oversees ModSecurity, the open source web application firewall (WAF) engine for Apache developed and managed by Trustwave’s security team.
In April 2011, the company filed for an Initial Public Offering (IPO), but eventually decided to hold back on its plans to raise as much as $100 million by taking the company public.
*Updated with additional background on Trustwave’s SIEM Business and commentary from Trustwave.