Advanced threat management draws on events from security devices as well as sFlow and NetFlow data. Security devices report attacks, vulnerabilities, malware and account activity.
sFlow and NetFlow data reveal anomalies in the traffic volumes and ports in use within the organization. AccelOps auto-discovery establishes the relationships that map applications to the devices hosting them. Machine Intelligence Database classifications map infrastructure applications to business services and compliance requirements. Statistical Anomaly Detection builds a baseline of what runs on each device, which ports and protocols it uses and which hosts communicate with it, and flags deviations from that baseline.
CPU, disk, memory and network performance are also tracked to surface anomalies and malware. Threat feeds from several online sources are consumed and refreshed at a user-defined interval so that traffic to or from known malicious indicators is detected. Advanced rules are built on device groups and rule groups, so dynamic cloud environments such as Amazon Web Services (AWS) and Google Compute Engine can be monitored as instances are created and retired.
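The baseline-driven detection described above, as an added example that is not AccelOps code: a device's baseline records which services (protocol/port) it exposes, which peers talk to it and how many bytes each service normally carries, and an observation window is checked against that baseline and against a threat feed. The flow records, addresses and the single feed entry are constructed for illustration; a real deployment would derive the baseline from a much longer window and refresh the feed on its configured schedule.

```python
"""Baseline-driven anomaly detection over NetFlow/sFlow-style records.

Added example, not AccelOps code. All flow records, peer addresses and the
threat-feed entry are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import fmean, pstdev


@dataclass(frozen=True)
class Flow:
    device: str   # monitored host that received the flow
    peer: str     # remote address that initiated it
    proto: str    # "tcp" or "udp"
    port: int     # destination port on the device
    nbytes: int   # bytes carried by the flow record


def build_baseline(flows):
    """Per device: known services, known peers and byte samples per service."""
    baseline = defaultdict(lambda: {"services": set(), "peers": set(),
                                    "bytes": defaultdict(list)})
    for f in flows:
        entry = baseline[f.device]
        entry["services"].add((f.proto, f.port))
        entry["peers"].add(f.peer)
        entry["bytes"][(f.proto, f.port)].append(f.nbytes)
    return dict(baseline)


def detect(flows, baseline, feed, z_threshold=3.0):
    """Return (flow, reason) pairs; one flow may trigger several reasons."""
    alerts = []
    for f in flows:
        if f.peer in feed:
            alerts.append((f, "peer listed on threat feed"))
        entry = baseline.get(f.device)
        if entry is None:
            alerts.append((f, "device has no baseline"))
            continue
        service = (f.proto, f.port)
        if service not in entry["services"]:
            alerts.append((f, f"new service {f.proto}/{f.port} on {f.device}"))
        elif f.peer not in entry["peers"]:
            alerts.append((f, "unseen peer on a known service"))
        else:
            # Known service and known peer: compare volume with the baseline
            # samples for that service (population z-score; needs >1 sample).
            samples = entry["bytes"][service]
            sd = pstdev(samples) if len(samples) > 1 else 0.0
            if sd > 0 and (f.nbytes - fmean(samples)) / sd > z_threshold:
                alerts.append((f, "byte volume far above baseline"))
    return alerts


# Constructed baseline window: web01 serves HTTPS/HTTP to three internal
# hosts and receives DNS replies from its resolver.
BASELINE_FLOWS = [
    Flow("web01", "10.0.1.10", "tcp", 443, 1200),
    Flow("web01", "10.0.1.11", "tcp", 443, 1500),
    Flow("web01", "10.0.2.20", "tcp", 443, 1100),
    Flow("web01", "10.0.1.10", "tcp", 443, 1400),
    Flow("web01", "10.0.2.20", "tcp", 443, 1300),
    Flow("web01", "10.0.1.11", "tcp", 443, 1250),
    Flow("web01", "10.0.1.10", "tcp", 80, 600),
    Flow("web01", "10.0.2.20", "tcp", 80, 700),
    Flow("web01", "10.0.0.53", "udp", 53, 180),
    Flow("web01", "10.0.0.53", "udp", 53, 210),
]

# Constructed observation window: one normal flow and five deviations.
OBSERVED_FLOWS = [
    Flow("web01", "10.0.1.10", "tcp", 443, 1350),        # normal
    Flow("web01", "10.0.1.11", "tcp", 22, 900),          # SSH never seen on web01
    Flow("web01", "198.51.100.7", "tcp", 443, 1200),     # unseen peer, known service
    Flow("web01", "10.0.2.20", "tcp", 443, 48_000_000),  # volume spike, known peer
    Flow("web01", "203.0.113.9", "tcp", 443, 1100),      # peer on the threat feed
    Flow("db02", "10.0.1.10", "tcp", 5432, 4000),        # device with no baseline
]

# Constructed threat feed (a real one is refreshed on a schedule).
THREAT_FEED = {"203.0.113.9"}


def run_example():
    """Build the baseline from the constructed window and score the observations."""
    return detect(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS), THREAT_FEED)


if __name__ == "__main__":
    for f, reason in run_example():
        print(f"{f.device} <- {f.peer} {f.proto}/{f.port} {f.nbytes}B: {reason}")
```

The ordering in `detect` matters: a feed hit is reported regardless of the baseline, a new service is reported before any peer check (a previously unseen port is the stronger signal), and the volume check only runs for a service and peer that are both already known, so a single burst from a new host does not get double-counted as both an unseen peer and a volume spike.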
Multi-tenant capabilities let service providers and enterprises cross-correlate events from multiple organizations or locations in a single visual interface.