Hello Mir,

The most basic difference is that the ILM will process logs from devices where the complete SIEM solution will process logs and flow data. I have added some product overview information for convenience.

Regards
Jeff Dudley

The Enterasys Integrated Log Management (ILM) solution provides the ability to collect, analyze, and archive network and security event logs.

The primary challenges for log management in today's network environment include log overload, data complexity, and compliance requirements. Log data is available from nearly every device connected to the network. These logs contain information that is essential for compliance reporting, troubleshooting, and threat resolution. Locating, correlating, and understanding the available information is a significant challenge. The number of data sources and the volume of information generated make manual management and analysis of the data impractical.

Another challenge is log data complexity. Each log data source defines, organizes, formats, and presents its information differently. This makes it extremely difficult to correlate and analyze information from multiple sources. Additionally, evolving compliance standards require organizations to make extensive use of log information from an ever-widening array of sources to generate reports. This increasingly demanding analysis of log information requires the ability to correlate, normalize, and analyze information from a wide range of sources.

Enterasys ILM provides a comprehensive solution for today's integrated log management challenges. Enterasys ILM collects, integrates, and correlates log information from multiple sources in the network, including:

* Routers/Switches
* Firewalls
* Virtual Private Networks (VPNs)
* Intrusion Prevention/Detection Systems (IPS/IDS)
* Anti-virus applications
* Hosts & servers
* Database, email, and web applications
* Custom devices and proprietary applications

Enterasys ILM provides scalable distributed log collection and archiving, reliable and tamper-proof log storage, and simple policy-driven event correlation. Compliance-focused reporting packages help organizations meet audit and compliance mandates.
Enterasys ILM is a unique, cost-effective solution for organizations that have an immediate need to deploy a log management solution but are not ready for a more comprehensive Security Information and Event Management (SIEM) solution. As an organization's needs for more advanced information and analysis grow, Enterasys ILM is easily upgradable with a license key to the full Enterasys SIEM solution.

******************************************

The Enterasys Security Information and Event Manager (SIEM) product combines best-in-class detection methodologies with behavioral analysis and information from third party vulnerability assessment tools to provide the industry's most intelligent security management solution. Enterasys SIEM delivers actionable information to effectively manage the security posture for organizations of all sizes.

The challenge created by most threat detection systems is the volume of information they generate - making it difficult to determine which vulnerabilities require an immediate, high priority response. The Enterasys SIEM solution addresses this challenge and provides powerful tools that enable the security operations team to proactively manage complex IT security infrastructures.

Enterasys Security Information and Event Manager:

* Goes beyond traditional security information and event managers and network behavioral analysis products to deliver threat management, log management, compliance reporting, and increased operational efficiency
* Collects and combines network activity data, security events, logs, vulnerability data, and external threat data into a powerful management dashboard that intelligently correlates, normalizes, and prioritizes - greatly improving remediation and response times, and greatly enhancing the effectiveness of IT staff
* Baselines normal network behavior by collecting, analyzing, and aggregating network flows from a broad range of networking and security appliances including JFlow, NetFlow, and SFlow records. It then discerns network traffic patterns that deviate from this norm, flagging potential attacks or vulnerabilities - anomalous behavior is captured and reported for correlation and remediation
* Tracks extensive logging and trend information, and generates a broad range of reports for network security, network optimization, and regulatory compliance purposes; report templates are provided for COBIT, GLB, HIPAA, PCI, and Sarbanes Oxley

All SIEM appliances offer High Availability (HA) functionality that ensures availability of SIEM data in the event of a hardware or network failure. HA provides automatic failover and full disk replication between a primary and secondary host. The secondary host maintains the same data as the primary host by either replicating the data on the primary host or accessing a shared external storage. At regular intervals the secondary host sends a heartbeat ping to the primary host to detect hardware or network failure. If the secondary host detects a failure, the secondary host automatically assumes all responsibilities of the primary host. The Enterasys SIEM HA functionality is easily and cost-effectively deployed through appliances and wizards without requiring additional fault management solutions and storage options.

The Enterasys SIEM solution portfolio features appliances for quick and easy setup. The Enterasys SIEM solution complements its appliances with the Virtual Flow (VFlow) Collector. This virtual flow collector appliance enables application layer traffic monitoring and security intelligence in a virtual infrastructure.

Available Enterasys SIEM solution components include:

* SIEM Base Appliance
* Flow Anomaly Processor
* Event Processor
* Network Behavioral Flow Sensors
* Virtual Flow Collector
* SIEM Console Manager
* High Availability options

From: Mir F. Ali [mailto:[email protected]]
Sent: Tuesday, December 27, 2011 8:20 AM
To: Enterasys Customer Mailing List
Subject: [enterasys] ILM and SIEM

Dear All,

Unfortunately, I am away from Enterasys because I was involved in some projects; however, I would like to know what is the actual difference between ILM and SIEM.

Thanks & regards,
Mir ALI
