The Intellinx Difference – SIEM (Security Information and Event Management) and Log Aggregators
SIEM systems consolidate and analyze logs from various sources, including operating systems, middleware, databases, security devices and tools, and others.
While Intellinx provides full visibility into internal and external user actions, SIEM tools have no visibility into the data that was actually displayed on the user screen or the user actions on the screen. The visibility of these tools is limited to the information provided by their sources, which typically do not include detailed application information. For example, they have limited visibility into read-only actions which are typically not included in existing logs, and do not track user behavior patterns at the application level.
Intellinx can detect fraud and information leakage attempts much more effectively than SIEM systems. In addition, the user activity logs generated by Intellinx are much more comprehensive than the logs aggregated by SIEM systems. Consequently, Intellinx enables organizations to comply with various privacy regulations that require monitoring user access to sensitive customer data, including user queries that are typically not included in log files.
Lastly, SIEM tools require a full-scale integration project, while Intellinx is available out-of-the-box for monitoring thin-client applications, regardless of whether they provide log files or not.
| Criteria | SIEM / Log Aggregators | Intellinx |
|---|---|---|
| Record of user activity / Visual Replay of user screens | No | Yes |
| Full audit trail creation | Dependent on existing log files, which typically do not include vital information. | Yes |
| Visibility to Read-Only actions, such as user queries | Depends on whether these actions are included in existing log files. Typically they are not included. | Yes |
| Tracking User Workflow & Behavior Patterns at the Application Level | No | Yes |
| Analysis type | Typically security event correlation | Behavior profiling and analysis, transaction tracking |
| Business rules | Typically security related | Full range of anti-fraud rules |
| Implementation Process | Requires integration with existing logs | Record / Replay / Search provided out-of-the-box |
| Apply new rules after-the-fact | No | Yes |