In an attempt to differentiate its security products from others, Cyberoam has added a user activity-based risk rating capability to its Next-Generation Firewall and UTM appliances.
The company, a division of anti-malware maker Sophos Inc., said this week its User Threat Quotient ranks everyone authorized on a network and assigns a threat score based on examining log and event data from their Web activity.
Separately, SolarWinds said it has enhanced its Log & Event Manager, a security information and event management (SIEM) application, with new configuration and rules wizards for faster deployment and simplified setup of correlation rules.
The new Cyberoam capability has been added to the 10.6.2 version of the hardware operating system and is viewable by administrators through the firewall or UTM dashboard. “Unlike other vendors you don’t need to set up a monitoring server,” Anurag Singh, Cyberoam’s North American head of presales, said in an interview.
Singh wouldn’t detail exactly what UTQ examines, except to say it includes Web sites a user goes to and applications used.
Enterprise networks generate lots of data with clues into user-triggered events, the company said, but the information remains difficult to read. In addition, it argues, correlating data from various logs and reports takes time and special skills. UTM, it says, helps admins by profiling suspicious Web behaviour.
The ranking can be found in the dashboard’s Logging and Reporting tab. The riskiest user can be spotted as the largest red circle. Administrators can take the results and have a talk with the staffer.
Results can be exported in PDF, Excel. Reports can be sent automatically by email to an administrator to be looked at either daily, weekly or monthly.
At SolarWinds, the company the new wizards were created because most IT Pros don’t have the time to manually configure security monitoring or become experts in specific systems before implementation.
The Configuration Wizard provides simple steps that ensure correct configuration, allowing administrators to quickly address their security, the company said.
It provides guidance on basic settings including email configuration and access to Active Directory. It also integrates with Add Node Wizard, which simplifies adding devices and collecting data by walking IT Pros through all the necessary steps to collect log and event data from systems, applications and devices.
The Rules Wizard offers admins an out-of-the-box list of categories and subcategories of rules that can be enabled en masse, including security, compliance, change management, operations, endpoint monitoring and more. It also provides best practice information to ensure IT Pros can immediately identify and remediate threats based on an organization’s needs, the company said.
SolarWinds Log & Event Manager pricing starts at $4,495 USD.