SIEM - Security Information & Event Management

SIEM - do you have security intelligence and compliance across your enterprise?
By Paul Rummery, Securenet Consulting

Are your SIEM solutions struggling to keep up with infrastructure moving to the cloud and the growing risks from mobile users and devices? It's time for a new, proven solution.



Available in Virtual and Hardware Appliances

SIEM tools are powerful reporting systems that pool data from individual hardware and software systems and contextualise that information to address compliance and management questions.
Without such tools, each of these systems demands a great deal of staff time to compile and contextualise data into meaningful business and management information, while vulnerabilities go unchecked and unprotected.
Security Intelligence Platforms provide a unified architecture for collecting, storing, analysing and querying log, threat, vulnerability and risk related data.

As a result, operators, analysts and auditors benefit from:

  • Unified collection, aggregation and analysis architecture for application logs, security events, vulnerability data, identity & access data, configuration files and network flow telemetry.
  • A common platform for all searching, filtering, rule writing, and reporting functions.
  • A single user interface for all log management, risk modelling, vulnerability prioritisation, incident detection and impact analysis tasks.
  • Advanced customisable indexing technology enabling vast amounts of data to be processed and intelligence extracted.
  • Integration with other network and application data gathering tools.
  • Automated tools for audit, policy monitoring and compliance reporting, e.g. the Payment Card Industry Data Security Standard (PCI DSS).

Regulations define specific traffic and firewall policies that must be deployed, monitored, audited and enforced. Yet many attacks on a network stem from inconsistent network and security configuration practices, highlighting the need for automated network configuration audits and alerts on policy breaches.

Powerful Risk Management & Threat Modelling Platform

Network Security Configuration

  • Detailed configuration audit helps improve consistency of firewall rules.
  • Security-focused network topology enables automated monitoring of configuration rules.
  • Configuration change notification quickly alerts on risky or out-of-compliance configurations.

Network Activity Monitoring

  • Advanced network activity monitoring and analysis features quickly flag out-of-policy traffic.
  • Fast and efficient search of network activity greatly reduces forensics effort.
  • Intuitive visualisation tool provides interactive analysis of network activity.

Network / Security Events

  • Analysis of firewall allow/deny events to assess policy effectiveness.
  • Automated audit of device configuration after configuration change events ensures a record of the most up-to-date configuration.
  • Advanced asset database leverages information from a wide variety of network/security events and improves accuracy of results.

Vulnerability Scan Results

  • Integrated understanding of network topology helps deliver a prioritised list of vulnerabilities to better assess which systems are most vulnerable to attack.
  • Centralised policy monitoring delivers improved compliance verification.
  • Advanced vulnerability modelling, simulation and visualisation provide before, during and after assessment of vulnerability risks.

Modelling and Simulation of Network and Security Events

Provides graphical representations of the network in two visualisations, offering network and security teams a revolutionary investigative capacity by providing before, during and after vulnerability information.

1) The “Network Topology” delivers detailed views into how network traffic can and does traverse a network. Unlike other network topologies, this insight comes from a unique combination of data sources, including device configuration, network activity data (from flows) and security events (i.e. firewall allows/denies).

2) The “Connection Monitor” is a fast and efficient tool for investigating and analysing historical network activity. Network mappings add value to both visualisations by showing when traffic can and does occur with specific geographic regions or known high-risk networks.



Leverage Cloud Investments

We know many of you have built significant private and public cloud infrastructures and are looking for new virtual workloads to deploy in the cloud.

You can now deploy data collectors virtually, providing more ways to use your cloud environment to gain richer security intelligence.
These collectors provide continuous event logging capabilities, even when network connectivity is unreliable. They collect event logs and forward them to an event processor or all-in-one appliance for correlation, analysis and long-term storage. If network connectivity is lost, they queue events in a storage buffer and forward them upon re-connecting. (We call this “store and forward.”) In addition to serving locations with intermittent network connections (such as naval vessels), event collectors are well suited to collecting logs in distributed locations with low to moderate event volumes, such as retail stores and satellite offices. A large retailer, for example, might have hundreds of stores in which they want to collect event data, but the data generated in each location is modest enough that event processors (with terabytes of storage per appliance) aren't required.


You can limit forwarding by bandwidth utilisation (e.g., never consume >1MB/second), and/or set an hourly, daily or weekly forwarding schedule.  In addition, event collectors can filter event data before it is forwarded for correlation, reporting and long-term storage.
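The store-and-forward, bandwidth-capping and local-filtering behaviour described above, as an added illustration that is not the vendor's code: a minimal collector that drops debug noise before it is queued, keeps queuing while the link is down, and drains the backlog oldest-first within a per-interval byte budget once connectivity returns. The syslog lines, the 170-byte budget and the debug-priority filter are all constructed for the example.

```python
from collections import deque

# Constructed sample syslog lines (not from the page); the <190> heartbeats are filter noise.
SAMPLE_EVENTS = [
    "<134>Jan 10 09:00:01 pos-01 sshd[411]: Failed password for admin from 10.8.0.23",
    "<190>Jan 10 09:00:02 pos-01 app[77]: DEBUG heartbeat ok",
    "<132>Jan 10 09:00:03 fw-01 kernel: DROP IN=eth0 SRC=10.8.0.23 DST=10.8.1.5 DPT=445",
    "<190>Jan 10 09:00:04 pos-01 app[77]: DEBUG heartbeat ok",
    "<134>Jan 10 09:00:05 pos-01 sshd[411]: Accepted password for clerk from 10.8.1.9",
]
FILTERED_PRI = {190}  # <190> = local7.debug: dropped locally, never costs WAN bandwidth

def pri_of(line: str) -> int:
    return int(line[1:line.index(">")]) if line.startswith("<") and ">" in line else -1

class StoreAndForwardCollector:
    def __init__(self, bytes_per_tick: int):
        self.bytes_per_tick = bytes_per_tick  # bandwidth cap per forwarding interval
        self.link_up = True
        self.queue = deque()  # a real collector backs this buffer with local disk
        self.forwarded = []   # what the event processor has received, oldest first
        self.filtered = 0

    def ingest(self, line: str) -> None:
        # Filter first, then queue; queuing never depends on the link being up.
        if pri_of(line) in FILTERED_PRI:
            self.filtered += 1
        else:
            self.queue.append(line)

    def forward_tick(self) -> int:
        """One forwarding interval: send oldest-first while the byte budget allows."""
        if not self.link_up:
            return 0  # events stay queued until the link comes back
        budget, sent = self.bytes_per_tick, 0
        while self.queue and len(self.queue[0].encode()) <= budget:
            budget -= len(self.queue[0].encode())
            self.forwarded.append(self.queue.popleft())
            sent += 1
        return sent

def run_scenario() -> dict:
    c = StoreAndForwardCollector(bytes_per_tick=170)
    for i, line in enumerate(SAMPLE_EVENTS):
        if i == 2:
            c.link_up = False  # outage begins before the firewall event arrives
        c.ingest(line)
    sent_down, backlog = c.forward_tick(), len(c.queue)
    c.link_up = True
    ticks = [c.forward_tick(), c.forward_tick()]
    return {"filtered": c.filtered, "sent_while_down": sent_down, "backlog": backlog,
            "sent_per_tick": ticks, "order_kept": c.forwarded == SAMPLE_EVENTS[0::2]}
```

Because the two auth events and the firewall event total more than the budget of one interval, the backlog is delivered across two ticks in arrival order, which is the property an analyst relies on when correlating events that were buffered during an outage.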

---------------------------------------------------------------------------------------------------------------
 

WANT TO LEARN MORE? Contact Securenet Consulting