PRODUCT INFO

The Mazu Ecosystem

PRODUCT INFO

Superior Integration with Networking and Security Solutions

The Mazu Profiler™ system's two-way integration with more than 30 products adds value to the networking and security tools you currently use, including Network Management Systems, Security Incident/Event Management Systems, Identity Management solutions, Intrusion Prevention/Detection systems, Vulnerability Management products, routers, switches, CMDBs, and sensors. These integrations work out of the box. For custom integration needs, Mazu offers a unique API that allows vendors and customers to build their own integrations. Mazu Profiler's extensive integrations allow you to add Network Behavior Analysis into the operational models and management systems you have today or may use tomorrow.

Event Export

When Mazu Profiler exports behavior- and policy-based events to third-party tools, it provides added value for both network security and network operations. Events are typically exported to SEMs for security and NMSs for operations. This allows network security and operations management teams to continue to use their SEM or NMS as the center of their process; they don't need to learn a new tool to take advantage of Mazu Profiler's behavior analysis. Furthermore, it broadens the intelligence available from tools. For SEMs, Mazu Profiler provides a complete new type of event detection that is behavior-based and driven by either heuristics or policy. This enhances the SEM event correlation, which typically includes only events from fault-centric or signature-based tools. Mazu Profiler radically changes the type of operational events that NMSs can detect. NMSs are focused on network node health events (link up/down, link saturation, high CPU, etc.); with Mazu Profiler, however, NMSs can detect meaningful changes in the traffic traveling through the network nodes and understand the root cause of those changes before they affect users.

Flow API

Mazu Profiler's Flow API enables third-party tools to use Mazu to gain greater context and intelligence about the behavior of hosts, users, interfaces, or applications on the network. This allows tools such as SEMs and NMSs to identify the root cause of an event, or to understand the event mitigation’s impact to business. It also allows third-party tools to use Mazu Profiler’s knowledge of real-time, historical, and typical network behavior.

External Links

External links allow Mazu Profiler users to use third-party tools and data from within the Mazu Profiler UI. These integrations often remove manual steps to improve operational efficiencies. For example, Mazu Profiler user can quarantine a host using an external link to TippingPoint. This eliminates the need to take the traffic definition discovered within Mazu Profiler to TippingPoint by hand and copy/paste or type it manually.

Mazu Integrations

Security Event Management (SEM) & Log Management (LM)
Mazu Profiler and your SEM system can send events to each other so you can choose a single system to be your main point of monitoring. The Mazu Profiler Flow API supports deeper, functional integration enabling operators to launch Mazu Profiler queries from within the SEM interface.
Network Management Systems (NMS)
Mazu Profiler can send security and operational events to your NMS. Through the use of the Mazu Profiler API traditional NMS systems can provide traffic flow context from within the NMS GUI. The integration expands the capability of your NMS by providing security and network alerts based on Mazu Profiler's behavior analysis of network traffic.
Vulnerability Management (VM)
Mazu Profiler enables intelligent vulnerability scanning through integration with leading VM solutions. Hosts can be scanned when they first appear on the network or when their behavior deviates from what is typical. The integration with VM solutions also enhances the incident response workflow by providing host scan results within the Mazu GUI.
Network Equipment
Mazu Profiler uses flow data (NetFlow, IPFIX, sFlow, JFlow) from your routers and switches. This means there are no inline devices or agents that need to be deployed. Therefore, deployment of Mazu Profiler is rapid and cost-effective and leverages the existing network infrastructure. Mazu Profiler also supports mitigation actions using the existing network equipment via SNMP or uPRF.
CMDB
Mazu Profiler can provide valuable information to CMDB including details on users, hosts, and applications, as well as their dependencies and behavior changes. This enables enterprises to have highly accurate details on the composition of their networks. Mazu Profiler can also create a database of assets used to verify and improve current configuration records.
Probes
Mazu Profiler integrates with a number of probes to deliver additional data, such as layer 7 and packet content capture, to enhance behavior- and policy-based analysis.
Intrusion Prevention Systems (IPS)
Mazu Profiler integrates with IPS to provide a more granular enforcement point for security mitigation. Mazu Profiler sends information about the host and action (e.g. quarantine host, rate limit traffic, block) to the IPS.
Identity Management
Mazu Profiler integrates with directory, DHCP, and DNS services to provide a complete view of network usage by system name, MAC address and user, in addition to the IP address available from flow data. This more comprehensive data provides quick access to information by user and enables more precise automated definition of typical behavior.

Read more about the technology partners Mazu Profiler integrates with.