Activeworx Security Center

Activeworx Security Center (ASC) is a security information and event management platform; it collects event information from multiple 3rd party platforms (including routers, firewalls, vulnerability scanners, system logs, etc.) and provides facilities for the examination of that data, including reporting, viewable dashboards, and graphs. Additionally, a real-time correlation engine allows for the creation of rule sets that incorporate both existing data and incoming events; with flow-chart like definitions and the ability to combine similar or related events into a single event. Real-time alerting to pagers, E-mails or by syslog network events to other applications and devices is supported; and alerting can be configured to trigger based on individual security events or correlated incidents.

Event collection is performed via agent-less methodologies; utilizing technologies including Syslog, SNMP, WMI, RDEP, SQL, FTP, SFTP, File Copy and OPSEC. As mentioned above, ASC is able to collect and manipulate events from multiple 3rd party platforms (called "devices" in the vendor literature, but also including applications and operating systems). A sampling of the currently supported platforms includes firewalls and VPNs (3COM, Cisco, CheckPoint, Juniper, Nortel, SonicWALL, Windows XP); vulnerability scanners including GFI Network Security Scanner and Nessus; operating system monitoring including multiple Linux, OS X, Solaris, and Windows (2000/XP/2003/Vista/2008); antivirus scanners including Symantec Corporate and Trend Micro; IDS systems including Cisco, Snort, and Symantec; the Apache and IIS Web servers; Cisco, HP, Nortel routers and switches; and specific applications including Sendmail, glFTPd, and WU-FTPD. For Snort specifically, the vendor notes that ASC was designed to integrate with the Snort DB; including integration with IDS Policy Manager v2.

The above-mentioned supported devices is not a complete list; visit the vendor's Web site for details.

Among the available reports (the vendor notes the existence of hundreds of default reports) are those specifically related to compliance initiatives (SOX, HIPAA, GLBA, PCI), as well as those based on aspects from specific devices, groups of devices, classifications, or specific actions. Reporting filters can be added for customization, and reports can be exported to multiple formats including PDF, HTML, XLS, and single file HTML. Reports can be run once or scheduled on a recurring basis, with results E-mailed or uploaded to a central server. A Crystal Reports Engine add-on is also available.

New features of the latest ASC release include desktop notification systems for alerting, ticketing system features for incident resolution, and a real-time event viewer.

Visit the CrossTec Web site for further information.