Information contained in logs provides critical visibility into events and incidents within your environment. Reviewing these logs and setting up automated notifications are essential in providing security and compliance benefits, enabling forensic investigations and system administration, and helping organizations achieve their overall business objectives. Trustwave Log Management Appliances are designed to collect and process logs, and make sense of all the available data.

Overview

  • Part of our SIEM portfolio, Log Management Enterprise (LME) addresses needs for compliance, security audits, and basic security analysis and management.

    LME is designed for organizations that need an easy-to-implement log collection and management solution to serve either as a standalone solution, part of a larger SIEM solution or part of a Trustwave Managed Security Services solution. With Trustwave products, no additional storage, licensing, or compliance packages are needed – which means you can accurately predict costs.

    Why do customers choose Trustwave Log Management Appliances?

    • Audit-ready reporting on compliance objectives.
    • Near real-time access to security events and logs.
    • Powerful correlation and notifications with more than 70 configurable templates.
    • Granular permissions support organizational roles.
    • Turnkey appliance requires no other infrastructure.

Features

  • Log Management Enterprise

    Collecting and processing logs, and making sense of all the available data, can be challenging. As an appliance-based solution that is easy to deploy, operate, manage and use, Trustwave Log Management Enterprise (LME) helps simplify these challenges.

    Trustwave LME includes support for hundreds of auditing devices from a myriad of vendors and offers a primarily agent-less approach, which simplifies ongoing operational maintenance requirements and reduces total cost of ownership.

    Using embedded real-world expertise, LME identifies important audit and security events in real time. In addition, it offers:

    • Analytics

      • Powerful visual filtering capabilities help conduct pre-incident analysis through optimized search of the self-contained Security Data Warehouse™ (SDW) log repository.
      • LME's Event Explorer can be used for troubleshooting, user-activity tracking and forensic investigation, as well as visual analysis.
      • The add-on Trustwave Threat Correlation Services provides additional insight into known attackers and threats to provide a heightened level of situational awareness, enabling organizations to leverage intelligence derived from Trustwave's research to improve their security posture.
    • Anywhere Log Management

      • Deployments range from a single appliance to a hierarchical implementation of multiple appliances, aligned with remote geographic sites or to meet separation of data requirements.
      • Logs accepted directly from almost any source or from other Trustwave Log Management appliances.
      • Centralized logging plus event management with SDW, when more than one appliance is deployed.
    • Compliance Support

      • Indicators of compliance and policy violations, network health issues and security threats are hidden in terabytes of log data. LME empowers your discovery, remediation and compliance.
      • Satisfies the log management mandate of industry requirements, regulations and standards, including HIPAA, PCI DSS, FISMA, GLBA, COBIT, ISO 27002, NERC CIP and GPG 13.

How It Works

  • Trustwave Log Management Enterprise at a Glance

    The Event Explorer feature offers granular search capabilities.

    Event Explorer can be used for troubleshooting, user-activity tracking and forensic investigation, as well as visual analysis.

    Visually compelling charts provide a simple and intuitive way to analyze log data and take action.

Specifications

    |  | TS-250 | TS-500 | TS-750 | TS-500 |
    |---|---|---|---|---|
    | SIEM Models | SIEM-E-50, SIEM-SE1-DA; SIEM-LME-50 | SIEM-E-100, SIEM-E-250; SIEM-LME-100, SIEM-LME-250 | SIEM-E-500, SIEM-E-750; SIEM-LME-500 | SIEM-E-100-SAN |
    | CPU | Intel E5-2620 6 cores | 2X Intel E5-2630v2 6 core | 2X Intel E5-2658v2 10 core | 2X Intel E5-2650v2 6 core |
    | RAM | 32GB | 32GB | 96GB | 64GB |
    | Disk | 4X4TB Nearline SAS; 200GB SSD | 4X4TB SAS; 200GB SSD | 8X4TB SAS; 400GB SSD | 2X1TB SATA; 400GB SSD |
    | RAID | 5 | 5 | 5 | 0 |
    | HBA | no | no | no | Qlogic 16GB Dual Port Fiber |
    | Certifications | UL, CUL, TUV, CE | UL, CSA, CE | UL, CSA, CE | UL, CSA, CE |
    | Online Retention * | 5 years | 2.5 years (at 100m epd); 1 year (at 250m epd) | 15 months (at 500m epd); 10 months (at 750m epd) | SAN dependent |

    * Retention capacity will depend on many factors including source devices and data profile

Resources

  • Videos

    • Demo: SIEM Log Management