The Intellinx Difference – SIEM (Security Information and Event Management) and Log Aggregators

SIEM systems consolidate and analyze logs from various sources, including operating systems, middleware, databases, security devices and tools, and others.

While Intellinx provides full visibility into internal and external user actions, SIEM tools have no visibility into the data that was actually displayed on the user screen or the user actions on the screen. The visibility of these tools is limited to the information provided by their sources, which typically do not include detailed application information. For example, they have limited visibility into read-only actions, which are typically not included in existing logs, and they do not track user behavior patterns at the application level.

Intellinx can detect fraud and information leakage attempts much more effectively than SIEM systems. In addition, the user activity logs generated by Intellinx are much more comprehensive than the logs aggregated by SIEM systems. Consequently, Intellinx enables organizations to comply with various privacy regulations that require monitoring user access to sensitive customer data, including user queries that are typically not included in log files.

Lastly, SIEM tools require a full-scale integration project, while Intellinx is available out-of-the-box for monitoring thin-client applications, regardless of whether they provide log files or not.

| Criteria | SIEM / Log Aggregators | Intellinx |
| --- | --- | --- |
| Record of user activity / Visual Replay of user screens | No | Yes |
| Full audit trail creation | Dependent on existing log files, which typically do not include vital information. | Yes |
| Visibility to Read-Only actions, such as user queries | Depends on whether these actions are included in existing log files. Typically they are not included. | Yes |
| Tracking User Workflow & Behavior Patterns at the Application Level | No | Yes |
| Analysis type | Typically security event correlation | Behavior profiling and analysis, transaction tracking |
| Business rules | Typically security related | Full range of anti-fraud rules |
| Implementation Process | Requires integration with existing logs | Record / Replay / Search provided out-of-the-box |
| Apply new rules after-the-fact | No | Yes |