SIEM (Security Information and Event Management) systems combine logs relating to events, threats and risks, and provide immediate incident response, seamless log management and advanced reporting. They aggregate, correlate, evaluate and prioritise security events originating from IT systems. A fast data-processing and management architecture combines many functions in one solution, with the whole process controlled from a single console. The system features advanced security-management logic, short incident response times, seamless log management and extensive regulatory-compliance reports.
A SIEM class solution may also be implemented in the local MSSP model, in which the entire system is installed at the client's premises.
Key benefits of SIEM
- System administration. The administrator can drill down from aggregate data to details and ultimately to the individual packets received by the SIEM system. SIEM includes a built-in editor for creating correlation rules.
- Real-time information access. The SIEM system returns the results of analysing terabytes of data without unnecessary delay. Beyond statistical analysis, it correlates information according to predefined rules for incident search.
- Real-time access to event details. The SIEM system provides both general statistics and insight into specific logs and events.
- Advanced data correlation. The system searches for patterns and departures from baselines in reported events, network activity and databases, and even in the content transferred by the various applications operating in the network. This ensures better and faster detection of traces of threats, attacks, data loss and fraud involving the organisation's protected resources.
- Analysis of network flows.
- Analysis of application traffic, and use of application data in event correlation.
- Nearly 300 pre-defined data sources, with ready-to-use correlation rules and report templates. For sources without a ready parser, rules supporting their events can be created.
- Scalability. Millions of events per second from dispersed sources can be processed without loss of information.
- Accuracy of reporting. Detailed reports are based on data from any source of information: logs, events generated by operating systems, applications, agents running on servers and endpoints, network flows, databases, user identification systems, etc.
- Immutability and integrity of collected event information. The system records and manages the original events transmitted from the sources, and supports searching them in context and compressing them.
- Management of original logs.
- Long-term data availability. The SIEM system gives insight both into incoming data and into historical data accumulated earlier.
- Event context. The SIEM system also analyses collected data in relation to the context in which it was generated. This is possible because the collected data is enriched with information about vulnerabilities, user data, location, reputation, risk level, etc.
- Flexible reporting. The system generates reports from embedded templates and definitions as well as from any criteria specified independently by SIEM administrators.
- Pre-defined alarms, reports and dashboards.
- SIEM system integration with other security solutions.
- Combining correlation with GTI reputation systems. This functionality lets the correlation take into account the context provided by the risk assessment of the connection's source or recipient. The GTI database collects and processes data obtained both from passive honeypot-type systems and from reports of detected attacks transmitted by hundreds of thousands of sources dispersed throughout the world. These constitute an extremely valuable addition to the event analysis carried out by the SIEM system.
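The pipeline the list above describes (per-source parsers that normalise raw lines into one schema, enrichment with asset and reputation context, and correlation rules that fire on patterns across events) can be illustrated in miniature. The following is an added example written for this page, not code from the SIEM product or its vendor: the log lines, the asset table and the reputation table are constructed, the reputation table is a stand-in for a GTI-style feed, and the rule names and thresholds are illustrative choices. It shows why a line from a source with no parser rule is left unnormalised, and how one rule (repeated failures followed by a success from the same source) differs from a context-driven rule (a denied connection toward a critical asset from a source with poor reputation).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs in two formats plus one unknown format (not from any real system).
RAW_LOGS = [
    "2024-05-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 5000",
    "2024-05-01T10:00:03 sshd[101]: Failed password for root from 203.0.113.7 port 5001",
    "2024-05-01T10:00:05 sshd[101]: Failed password for root from 203.0.113.7 port 5002",
    "2024-05-01T10:00:09 sshd[101]: Accepted password for root from 203.0.113.7 port 5003",
    "ts=2024-05-01T10:00:12 app=fw action=deny src=198.51.100.9 dst=10.0.0.5 dport=445",
    "2024-05-01T10:02:00 sshd[102]: Failed password for alice from 10.0.0.22 port 6000",
    "<14>May  1 10:03:00 custom-app: user=bob action=export rows=50000",  # no parser rule
]

# "Parser rules": one regex per source type; each normalises a raw line into a common schema.
PARSERS = [
    ("sshd", re.compile(
        r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")),
    ("firewall", re.compile(
        r"^ts=(?P<ts>\S+) app=fw action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")),
]

# Constructed context tables: asset criticality and source-IP reputation (stand-in for a GTI-style feed).
ASSETS = {"10.0.0.5": {"criticality": "high", "role": "file-server"}}
REPUTATION = {"203.0.113.7": "malicious", "198.51.100.9": "suspicious"}


def parse_event(line):
    """Normalise a raw line into a dict, or return None if no parser rule matches."""
    for source, pattern in PARSERS:
        m = pattern.match(line)
        if m:
            ev = m.groupdict()
            ev["source"] = source
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            return ev
    return None


def enrich(ev):
    """Attach context: reputation of the source IP and criticality of the destination asset."""
    ev["src_reputation"] = REPUTATION.get(ev.get("src"), "unknown")
    ev["dst_criticality"] = ASSETS.get(ev.get("dst"), {}).get("criticality", "unknown")
    return ev


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule: at least `threshold` failed logins from one source within `window`,
    followed by a successful login from the same source."""
    alerts = []
    by_src = defaultdict(list)
    for ev in events:
        if ev["source"] == "sshd":
            by_src[ev["src"]].append(ev)
    for src, evs in by_src.items():
        failures = []
        for ev in sorted(evs, key=lambda e: e["ts"]):
            # Slide the window: drop failures older than `window` relative to this event.
            failures = [f for f in failures if ev["ts"] - f["ts"] <= window]
            if ev["outcome"] == "Failed":
                failures.append(ev)
            elif ev["outcome"] == "Accepted" and len(failures) >= threshold:
                alerts.append({"rule": "bruteforce_then_success", "src": src, "user": ev["user"],
                               "failures": len(failures), "src_reputation": ev["src_reputation"]})
    return alerts


def rule_denied_to_critical_asset(events):
    """Context-driven rule: a firewall deny toward a high-criticality asset from a source
    whose reputation is anything other than unknown."""
    return [{"rule": "denied_to_critical_asset", "src": ev["src"], "dst": ev["dst"],
             "dport": ev["dport"], "src_reputation": ev["src_reputation"]}
            for ev in events
            if ev["source"] == "firewall" and ev["action"] == "deny"
            and ev["dst_criticality"] == "high" and ev["src_reputation"] != "unknown"]


def run(lines):
    """Parse, enrich and correlate; return (normalised events, unparsed lines, alerts)."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            unparsed.append(line)   # a source without a parser rule: kept raw, not correlated
        else:
            events.append(enrich(ev))
    alerts = rule_bruteforce_then_success(events) + rule_denied_to_critical_asset(events)
    return events, unparsed, alerts


if __name__ == "__main__":
    evs, raw, found = run(RAW_LOGS)
    print(f"{len(evs)} events normalised, {len(raw)} left unparsed")
    for alert in found:
        print(alert)
```

The three functions map onto the list above: `parse_event` is the per-source parser, `enrich` adds the vulnerability/asset/reputation context, and the two rules are what a correlation-rule editor would let an administrator define. On the constructed input the alice failure never reaches the threshold, the unknown-format line stays raw, and the two alerts that fire both carry the source's reputation so an analyst sees the context alongside the match.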