Savvius has partnered with IBM and, with its Savvius Vigil 2.0, will become a member of the company’s PartnerWorld Ready Security Intelligence Alliance. The Ready for IBM Security Intelligence Alliance is designed to promote technology collaboration and to expand and enhance security coverage.
Savvius’ Vigil 2.0 is a network forensics appliance that automatically archives suspicious network traffic to support security analysts’ workflow. The tool is complemented by IBM QRadar, which consolidates log events and network flow data and produces alerts indicating a potential security breach.
“The products are complementary in the sense that QRadar is intrusion prevention but only saves that data to the extent that it analyzes it for the sole purpose of producing alerts,” says Jay Botelho, Savvius’ director of product management. “What we do is use the information that QRadar outputs and archive it for security specialists to use.”
Before the integration, Savvius was able to see alerts in a standardized format, but IBM QRadar allows the company to archive the alerts in a more specific way, Botelho says. There are some intrusion detection systems that provide and archive data, and most do it differently than Vigil, Botelho claims. They are different in that they are not selective about what type of data they store, and that means that a security analyst needs to weed through what is relevant and what is not.
“We buffer traffic for five minutes and every alert we see has IP addresses of the communication that generated the alert. Then we go into the packet buffer and look for network packets that caused the problem and archive only those that caused the issue,” Botelho says.
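The mechanism Botelho describes, a rolling five-minute packet buffer from which only the packets belonging to an alerted conversation are archived, is sketched below as an added illustration; it is not Savvius or IBM code, and the packet records and the alert record are constructed stand-ins, not QRadar's offense format.

```python
from collections import deque
from dataclasses import dataclass

BUFFER_SECONDS = 300  # five-minute retention window, as described in the article


@dataclass(frozen=True)
class Packet:
    ts: float       # capture time, seconds
    src: str
    dst: str
    length: int


class PacketBuffer:
    """Rolling in-memory capture: keeps only the last BUFFER_SECONDS of traffic."""

    def __init__(self, window=BUFFER_SECONDS):
        self.window = window
        self.packets = deque()

    def ingest(self, pkt):
        self.packets.append(pkt)
        self._expire(pkt.ts)

    def _expire(self, now):
        # Drop packets older than the window from the head of the deque
        while self.packets and self.packets[0].ts < now - self.window:
            self.packets.popleft()

    def archive_for_alert(self, alert):
        """Return the packets exchanged between the alerted pair, in either direction."""
        self._expire(alert["ts"])
        pair = {(alert["src"], alert["dst"]), (alert["dst"], alert["src"])}
        return [p for p in self.packets if (p.src, p.dst) in pair]


def run_example():
    # Constructed sample traffic: one suspect conversation plus unrelated noise.
    buf = PacketBuffer()
    for pkt in (
        Packet(0.0, "10.0.0.5", "203.0.113.9", 120),     # will have aged out
        Packet(100.0, "10.0.0.7", "198.51.100.2", 60),   # unrelated host pair
        Packet(200.0, "203.0.113.9", "10.0.0.5", 1400),  # reverse direction
        Packet(310.0, "10.0.0.5", "203.0.113.9", 80),
    ):
        buf.ingest(pkt)
    # Constructed minimal alert: the IPs that generated it plus its time.
    alert = {"ts": 320.0, "src": "10.0.0.5", "dst": "203.0.113.9"}
    return buf.archive_for_alert(alert)
```

Only the two packets still inside the window and belonging to the alerted host pair are archived; the rest of the buffer is never written out.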
Before Vigil was released 18 months ago, Savvius was primarily involved in network performance monitoring, but it is now expanding into security.
Savvius will also demonstrate its new product, Omnipeek Security, at the Black Hat Conference on Aug. 4. The product is complementary to Vigil: while Vigil automates the collection of data about security issues, Omnipeek Security provides the analytics on that data.