All SenSage solutions are built on SenSage 4, the company's patented columnar based event data warehouse. More than 400 customers have deployed SenSage Solutions to reduce Security, Compliance and Operations risks at a fraction of the cost of traditional security, log management and data warehouse approaches. SenSage also provides new Business Data Intelligence solutions that enable organizations to make better business decisions, dramatically reduce costs, and improve their ability to respond to risk and security threats.
Key elements for the SenSage 4 event data warehouse include:
Data Collection - SenSage has an unparalleled log & event collection layer called the Collector. Data collection, sometimes called Extract/Transform/Load (ETL), is particularly complex for event data due to the lack of standards and huge data volumes. ETL is a key process to bring heterogeneous and asynchronous event data sources together in a homogeneous environment. Through the Collector, customers have out-of-the-box support for over 250 sources (Log Adapters). Log adapters run in an agentless mode, without requiring agents to be deployed on or near the log source. The Collector receives event and log data through a wide variety of protocols including but not limited to: Syslog, Syslog NG, SNMP, FTP, SFTP, SCP, SMB, RPC, SQL*Net/RDBMS, HTTP(S) GET and PUSH. Customization is easy and many customers develop their own log adaptors. SenSage collects data in both real-time stream as well as batch modes - generating alerts respectively.
Real-Time Event Correlation - SenSage 4 includes a highly scalable real-time correlation engine, the Scalable Alert Server (SAS). Correlation is based on the application of threshold and scenario-based rules against multi-source, real-time event streams. The SAS can easily be distributed to support scalable parsing processes for large deployments and has virtually no limit on event rate or volume. While real-time correlation performs dynamic parsing, normalization, filtering, analysis and alerting, a separate data fork of the same unparsed event logs and subsequent alerts is sent to a long-term data repository in a tamper-resistant, raw format. This capability uniquely bridges real-time and historic analysis while maintaining the complete event log for forensic evidence. Further, this allows instant replay visualization - events can be graphically and sequentially replayed.
Columnar Database - SenSage has developed and patented a columnar database architecture approach for event data. Unlike traditional relational database management systems that use a row format, data is organized by column in a single, centralized data repository specifically designed for event data. While the difference may sound trivial, the performance gains are dramatic. Indexes are unnecessary as each column is actually an index, reducing storage and maintenance requirements. Data is compressed at a 40:1 advantage vs. relational databases and stored in a hierarchical series of folders and flat files on each node's local disk. Deployed in a MPP organization, the SenSage Event Data Warehouse easily scales by adding new nodes and takes advantage of new hardware features such as multi-core processors and faster local drives. To maintain constant availability, backup copies of each node's data are stored on another node for data redundancy and automatic failover. With SenSage, organizations can easily query years of data from multiple sources at any detail level to support their business requirements.
Reporting Abstraction Layer - SenSage IntelliSchema provides cross-source and cross-vendor reporting, and new data sources can be easily added with no SQL changes. It was designed to give customers the ability to expand their solution footprint on the fly, adding new sources, new reports and analyses, without any changes to their data schema. IntelliSchema collects all the data, parses it for analysis, and easily incorporates custom data sources in both the collection and reporting processes. There is no need for complex indexed searches. Customers can adapt to new threats and new regulations without major upgrades or services engagements and there is no need for involving DBAs.
Management Console - The SenSage management console, called the Analyzer, provides a state of the art user interface to SenSage business analytics, reports, real-time and batch alerts, and administration functions. Report wizards enable non-technical users to create new reports, dashboards, and ad-hoc queries in seconds using a drag and drop interface. Exact-match querying across any data column enables easy creation of data aggregation, trending, business and technical level reports through bar, line, and tabular charts. Unlike solutions that use "Google-style" searches, only exact matches are returned. Technical users can use underlying SQL code to further refine and fine-tune reports and queries. External Business Intelligence tools can also be easily incorporated into SenSage analytics.
Administration - GUI-based administrative screens enable easy management of users, privileges, schedules, and reports. SenSage offers robust and secure authentication, administration and access control with multiple security levels down to a very granular degree of control. Authorized users are assigned roles with specific permissions that determine which features, functions, reports and data each user has access to. Role-based filters support granular permissions where users only see data with specific values (i.e., users only see data related to systems they own). Users can install SenSage clients in any geographic location, and the connection between client and server is secure and encrypted.
Analytics - SenSage provides out-of-the-box analytics packages with sets of pre-defined real-time rules, reports and dashboards mapped to common security monitoring guidelines and compliance standards. This offers customers a reduced time to value and immediate visibility into compliance with government regulations and standards, as well as security threats. SenSage currently has suites of reports which include: Foundation Analytics Package (ISO 17799), HIPAA Analytics Package, SOX Analytics Package, PCI Analytics Package and Government Analytics Package that covers FISMA, DCID/3, and NISPOM. SenSage has also expanded coverage to include report packages designed for specific business applications such as SAP, Database, Windows, Oracle, and is developing other industry specific applications.