Next Generation SIEM

Security Information is a big data issue

Comodo NxSIEM

Why Comodo NxSIEM?

  • Real-Time Threat and Breach Protection

    Today, security analysts can conduct forensic analyses to find evidence of specific activity in network logs and devices after an attack.

    However, once suspicious activity is found, how can your customers' threats and damages be prevented or remediated in real time? The Comodo NxSIEM Cloud Platform is an essential tool for MSPs who want to detect customer problems in real time. Its powerful and reliable correlation engine processes complex events and keeps a sharp eye on abnormal activities, outliers and anomalies to speed remediation.

  • Incident and Case Management

    Effective incident management is important for overall security remediation. How you respond to your customers' incidents can help you improve security awareness and provide you with a standard process for handling different customer circumstances. Comodo NxSIEM automatically generates incidents for correlated events and prioritizes them as defined by the correlation rule.

    Incidents belonging to a case can be grouped under case definition and handled together in order to simplify the incident management process and provide better reporting of incidents.

  • Advanced Persistent Threat (APT)

    APTs are a challenge to detect, and it is difficult to protect your customers from what you don't know. Attackers use different techniques to hide their activities, including spreading them over time to avoid detection. It is crucial to identify threats as soon as possible to protect your customers, and long-term analyses over large data sets are crucial for identifying them. NxSIEM's event query and long-term reporting feature is designed to quickly find the complex events that form the trail of an APT and reveal the details behind them.

  • Big Data Scalability

    Log monitoring and data collection can be a concern for your customers if they do not understand which logs are important to watch. With the Comodo SIEM Cloud Platform, the answer is simple: all log types are collected and analyzed. Since logs are the key to understanding security controls, NxSIEM's highly scalable and flexible multi-tenancy architecture enables you to collect all network logs generated, regardless of size or density.

    This enables collecting all logs from all customers without

Key Features

  • Real Time Threat and Breach Protection
  • Incident Management and Remediation
  • Advanced Persistent Threat Identification
  • Actionable Event Queries for Threat Visibility
  • Cost-effective, fast time to value
  • Live Lists
  • Intuitive Browser Based User Interface
  • High performance architecture
  • Big Data Scalability
  • Event Model and Custom Queries
  • Customizable dashboards and auto-query
  • Situational Awareness view
  • Multi-tenancy

    Multi-tenancy is often needed for MSPs or MSSPs to manage customer data without separate deployments. Comodo NxSIEM is completely multi-tenant, ensuring each customer's data is stored and processed separately within one deployment. You can support as many customers as you wish with a single deployment of Comodo NxSIEM. Furthermore, you can define separate MSSP nodes that are also multi-tenant and manage many customers under different nodes.

  • Log Management

    Comodo NxSIEM collects logs from various sources by various methods and aggregates, normalizes and classifies them in order to provide a broad end-to-end view of log data that can easily be correlated, associated and analyzed. Comodo NxSIEM leverages advanced queuing and fail-safe architecture to assure consistency and completeness of collected logs.

  • Forensic Analysis

    Forensic analysis is a complex process, demanding great time and effort. Analysts often start from a single point (e.g. an attack or breach) and progress through the evidence. Comodo NxSIEM significantly helps to ease and speed up the process by providing rapid queries with simple user interfaces, customizable dashboards and auto-queries. Comodo NxSIEM's long-term reporting feature allows evidence to be gathered over longer time intervals and contributes to the detection and identification of advanced persistent threats.

  • Live Lists

    Comodo NxSIEM supports lists in correlation inputs and outputs, and in query, report and dashboard filters. Live lists are a great way of managing security data, especially in real-time environments. Live lists can be used to satisfy many use cases, including:

    1. Reducing the generated alert count for specific events in a given time period
    2. Advanced correlation using lists such as blacklists and whitelists in order to create, stop or escalate alerts based on their list status
    3. Query filters using lists, e.g. connection requests from blacklisted IPs, and many more
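The three list-driven use cases above, illustrated as a small correlation routine written for this page (not NxSIEM's own code): a whitelist stops alerts, a blacklist escalates them, repeated alerts for the same source and event type are suppressed within a time window, and a watchlist acts as a correlation output that later events are checked against. The event records, list contents and the 10-minute window are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, event type).
EVENTS = [
    ("2024-01-01T10:00:00", "203.0.113.7", "conn_refused"),
    ("2024-01-01T10:00:05", "203.0.113.7", "conn_refused"),
    ("2024-01-01T10:00:09", "203.0.113.7", "conn_refused"),
    ("2024-01-01T10:00:20", "198.51.100.4", "conn_refused"),
    ("2024-01-01T10:01:00", "192.0.2.9", "conn_refused"),
    ("2024-01-01T10:15:00", "192.0.2.9", "conn_refused"),
    ("2024-01-01T10:20:00", "203.0.113.7", "conn_refused"),
]

BLACKLIST = {"203.0.113.7"}      # list as correlation input: always escalate
WHITELIST = {"198.51.100.4"}     # list as correlation input: never alert
SUPPRESS_WINDOW = timedelta(minutes=10)  # assumed dedup window


def correlate(events, blacklist, whitelist, watchlist=None, window=SUPPRESS_WINDOW):
    """Return (action, ip, event_type, timestamp) alerts.

    watchlist is a list used as correlation *output*: a source that
    produced a fresh alert is added to it, so its later events escalate.
    """
    if watchlist is None:
        watchlist = set()
    last_alert = {}  # (ip, event_type) -> time of last emitted alert
    alerts = []
    for ts_str, ip, etype in events:
        ts = datetime.fromisoformat(ts_str)
        if ip in whitelist:
            continue  # list status "trusted": stop the alert
        key = (ip, etype)
        prev = last_alert.get(key)
        if prev is not None and ts - prev < window:
            continue  # same source/event inside the window: suppress
        last_alert[key] = ts
        if ip in blacklist or ip in watchlist:
            alerts.append(("escalate", ip, etype, ts_str))
        else:
            alerts.append(("create", ip, etype, ts_str))
            watchlist.add(ip)  # feed the output list for later events
    return alerts


def filter_by_list(events, ip_list):
    """Query filter: only events whose source IP is on the given list."""
    return [e for e in events if e[1] in ip_list]
```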