SIEM and SaaS Log Management

REACT is a cloud-based security solution that combines SIEM, SaaS SSO, identity management (IAM), log management and other cloud security components into a unified security solution applying predictive analytics.

SaaS Log Management and continuous log monitoring

The increasing demand for legally accurate records that meet the rising tide of regulatory compliance has driven the need for reliable, forensically secure log storage. Our SIEM log management service is a powerful and innovative cloud-based combination of functionality and service. Industry and government mandates dictate that certain types of data be stored intact for specified periods of time, and corporate governance dictates that given types of records be verifiably destroyed once their retention period is complete.


Overview

SaaS Log Management is a turnkey solution that works seamlessly with CloudAccess SIEM Log Management to provide secure storage and full lifecycle management of event data. CloudAccess Log Management’s cryptographic storage and military‐grade data destruction give you confidence that records are kept in accordance with government policy. With massive internal storage and compatibility with SAN and NAS storage systems, CloudAccess Log Management can manage any volume of data over any span of time. CloudAccess Log Management stores events in raw format in a forensically secure appliance. Each event is digitally signed and time‐stamped, so that what comes out of storage can be shown to be what went in, from creation to destruction; this supports the admissibility of the records as evidence in a court of law. Encrypted transport protects events in transit from the originating device to the appliance wherever the device supports it, and Log Management can be deployed in a fashion that ensures optimal “chain of custody” management. CloudAccess Log Management allows storage of an unlimited number of events for forensic purposes.

Benefits

When you are confident that your compliance and governance requirements are met, you can spend your resources on your core business functions. CloudAccess Log Management is the reliable way to meet auditing requirements, automate storage and manage destruction of records to fit your policy and regulatory environment, so you can get back to business.

You do not need to hire a team of forensic experts to be well protected against mandates or threats. CloudAccess has embedded state-of-the-art forensic expertise into Log Management. Data is verifiably collected, maintained and destroyed on your schedule. Included analysis and reporting tools ensure that compliance or legal requirements are easily met, including:

  • Full forensic lifecycle management from collection to storage to destruction
  • Digitally signed and time‐stamped events
  • Forensic auditing and analysis tools
  • Military‐grade data destruction
  • High performance architecture
  • Unlimited scalability
  • Digitally signed and encrypted storage of raw data
  • SAN/NAS interoperability for unlimited scalability
  • Encrypted log transport
  • High performance data capture

True Cloud-Based Log Management Includes:

Fast Deployment. Unlike traditional log management solutions, CloudAccess Log Management is deployed in hours or days (not months) depending on the number of devices to be monitored and services to be deployed. There is no hardware or software installation required.

Audit, Compliance and Reporting. Whether you need to meet PCI, HIPAA, SOX, or other compliance requirements, CloudAccess provides the tools that you need. With out-of-the-box compliance reports you can easily and quickly generate reports to meet audit requirements saving time, money and valuable resources.

Interoperability. Designed from the ground up for the cloud and for a multi-tenant environment, CloudAccess is based entirely on industry standards, allowing organizations to enable Log Management for any device regardless of its location and type. With over 3000 collectors out of the box, CloudAccess Log Management can collect your logs from a Windows system, a Cisco device or virtually any other device in your environment with unprecedented interoperability.

Reduced IT Complexity and Cost. CloudAccess Log Management is a true cloud-based offering. There are no IT complexities or expensive hardware or software required. All you need is an internet connection, CloudAccess will take care of the rest.

On-Demand Scalable Pay-As-You-Go Service, All You Need Is An Internet Connection. CloudAccess Log Management is a service with a pay-as-you-go events-per-second (EPS) subscription model. Unlike expensive traditional models, there are no perpetual licenses or license fees, and no hardware or software costs. It’s that simple. Once your system logs are connected, CloudAccess Log Management takes care of the rest. All you need is an Internet connection. Software upgrades are automatic. CloudAccess web-based administration allows for automated account management, analysis and reporting. Simple, reliable and effective.

Not Just Log Management, Integrated Modular System Supporting Your Growth. Unlike other products, CloudAccess’ SingleSource platform provides a comprehensive suite of products to address Web SSO, SaaS SSO, identity management, SIEM and log management. Start with Log Management and add other modules later. Manage all your devices from one management console, enabling centralized access control. CloudAccess applies the same cloud philosophy to all modules in the suite. How about SIEM? CloudAccess SIEM complements Log Management by specifically identifying security events and correlating them based on asset value, security risk assignments and type of threat, among other factors, to eliminate false positives and let you focus on real security risks and events.

Proven Technology. CloudAccess technology has been used in large organizations and government agencies supporting very large numbers of devices. CloudAccess Log Management is designed for cloud use as a multi-tenant, high performance and scalable system based on the latest SOA and web services technologies. There are no agents to install.

Features

CloudAccess Log Management is a forensically‐secure solution to long term storage of raw log data.

  • Digital signatures ensure that the data that comes out is the same data that went in
  • Encrypted transport protects log data in transit and supports chain‐of‐custody
  • 10:1 compression saves valuable space
  • SAN/NAS interoperability allows for limitless scalability

In addition CloudAccess Log Management features:

  • Compliant data storage
  • Unlimited scalability
  • Seamless integration with SAN and NAS
  • Automated storage reports
  • Analytic tools for forensic investigation
  • Ability to run detailed queries across years of data
  • Time‐stamped data
  • Digitally signed data
  • AES or 3DES encrypted transport (3DES is deprecated by NIST; prefer AES where the source device supports it)
  • Military‐grade data destruction
  • High performance, optimized for high‐capacity data storage and retrieval
  • Stability and reliability
  • 24×7 support
  • Data feed for continuous updates
  • Redundancy and high availability

Specifications

Architecture

CloudAccess SIEM Log Management architecture has three key components:

SENSORS

Sensors are designed for managing security. Each sensor collects a wide range of information about its local environment, processes it, and coordinates detection and response with the rest of the distributed CloudAccess components. An individual sensor packs an arsenal of security technology into a single device. The result is the combined capability of numerous detection and control points, globally visible, with seamless compliance management tools available to operations and executive staff.

Sensors are installed on network segments and in remote locations and can be deployed in an agent or agent-less architecture depending on your requirements. They inspect all traffic and detect attacks through various methods, all while collecting information on attack context without affecting network performance.

CloudAccess sensors utilize more than ten expert systems that identify attacks along five different axes:

CloudAccess sensors locate both known and unknown attacks in real time. This is possible because a learning engine and anomaly detection are standard in all products.

Vulnerability detection systems discover and identify latent weaknesses in the network so that they can be corrected before an attack occurs. This information, stored by the management server, is vital when an attack is in progress: prior knowledge of the vulnerabilities present in a system is critical when assessing the risk associated with an attack, and when prioritizing, alerting and launching countermeasures.

The network information gathered by CloudAccess sensors provides detailed real-time status of the network usage of each host, and this data is stored for analysis. Every CloudAccess deployment automatically builds a highly detailed usage profile for each element on the network that it monitors.

CloudAccess collectors gather the events generated by the CloudAccess Sensors and any external system. Collectors classify and normalize the events before sending them to the CloudAccess SIEM and Logger. In order to support the maximum possible number of applications and devices, collectors use data source connectors (also called collection plugins):

  • Each connector defines how events generated by each device will be collected and normalized
  • Connectors can be configured using a simple configuration file and regular expressions to define the format of each type of event
  • The collector component can be deployed as a standalone system or included in the sensor or SIEM appliance, depending on the performance need
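The connector mechanism described above (a regular expression per event format, plus a mapping onto a common schema) can be illustrated with a small normalizer. This is an added example and not CloudAccess code or its plugin format: the sample log lines are constructed, the connector names, the normalized field names and the 1..5 severity scale are assumptions, and the year supplied for the BSD-syslog time-stamp is assumed because that format carries none.

```python
import re
from datetime import datetime, timezone

# Constructed sample events (not real CloudAccess data): a firewall syslog line,
# a Windows security event flattened into key=value form, and a line that no
# connector understands.
SAMPLE_EVENTS = [
    'Mar 10 14:02:11 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/44321 '
    'dst inside:10.0.0.5/22 by access-group "outside_in"',
    '2024-03-10T14:02:15Z WIN-DC01 EventID=4625 Account=jsmith SrcIP=198.51.100.7 Status=0xC000006D',
    'Mar 10 14:02:20 fw01 unparseable vendor chatter',
]

UTC = timezone.utc
SYSLOG_YEAR = 2024  # BSD syslog carries no year; assumed here for the sample

# Normalized severity scale (assumption): 1 info .. 5 critical.
# 4624/4625 are the standard Windows logon success/failure event IDs.
WINDOWS_EVENT_MAP = {4624: ("auth_success", 1), 4625: ("auth_failure", 3)}


def _asa_to_record(m):
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=UTC)
    deny = m["action"].lower() == "deny"
    return {
        "timestamp": ts.isoformat(), "host": m["host"],
        "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
        "category": "firewall_deny" if deny else "firewall_allow",
        "severity": 3 if deny else 1,
    }


def _windows_to_record(m):
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
    kv = dict(pair.split("=", 1) for pair in m["kv"].split())
    category, severity = WINDOWS_EVENT_MAP.get(int(m["eid"]), ("windows_other", 1))
    return {
        "timestamp": ts.isoformat(), "host": m["host"],
        "src_ip": kv.get("SrcIP"), "dst_ip": None, "dst_port": None,
        "user": kv.get("Account"), "category": category, "severity": severity,
    }


# Each connector pairs a regex with named groups and the function that maps a
# match onto the normalized schema. Connector names are illustrative.
CONNECTORS = [
    ("cisco_asa_syslog", re.compile(
        r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) %ASA-\d-\d+: "
        r"(?P<action>Deny|Built|Teardown) \w+ src \w+:(?P<src>[\d.]+)/\d+ "
        r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"), _asa_to_record),
    ("windows_security_kv", re.compile(
        r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) "
        r"EventID=(?P<eid>\d+) (?P<kv>.*)$"), _windows_to_record),
]


def normalize(raw):
    """Run the first matching connector; keep the raw line in every record so
    the normalized copy never replaces the forensic original."""
    for name, pattern, to_record in CONNECTORS:
        m = pattern.match(raw)
        if m:
            record = to_record(m)
            record.update(connector=name, raw=raw)
            return record
    # No connector matched: still forward the event rather than dropping it.
    return {"connector": None, "category": "unparsed", "severity": 1, "raw": raw}


def normalize_all(lines):
    return [normalize(line) for line in lines]


if __name__ == "__main__":
    for rec in normalize_all(SAMPLE_EVENTS):
        print(rec["category"], rec.get("src_ip"), rec["connector"])
```

The unmatched line is deliberately kept as an "unparsed" record instead of being discarded: a collector that silently drops what it cannot classify creates a gap in the forensic record that no later signature can fill.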

THE LOGGER

The logger component stores events in raw format in a forensically secure appliance. Events are digitally signed and stored, which supports their admissibility as evidence in a court of law. The logger component allows storage of an unlimited number of events for forensic purposes.

Loggers should be deployed in a fashion that ensures optimal “chain of custody” management. The logger is also capable of supporting encrypted communications from the originating device. The OpenVPN client that is included with CloudAccess Logger can be used to create a secure channel for events from host sources.
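The property claimed for the logger here and in the Features list (signed, time-stamped raw events, so that what comes out is verifiably what went in) is what a tamper-evident log store provides. The following is an added example, not the product's implementation: it chains each entry to the previous one by hash and tags each entry with HMAC-SHA256 under a key held by the logger. The HMAC stands in for a digital signature (a real logger would use an asymmetric signature so that an auditor can verify without the secret); the events, time-stamps and key are constructed for the demo.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor: the "previous digest" of the first entry


class ForensicLogStore:
    """Append-only store for raw events. Every entry records the untouched raw
    event, the logger's receipt time-stamp, the source, and the digest of the
    previous entry (a hash chain), then carries an HMAC-SHA256 tag over its own
    digest. HMAC with a logger-held key stands in for a digital signature here
    (assumption for the example, not a statement about the product)."""

    SIGNED_FIELDS = ("seq", "received_at", "source", "raw", "prev")

    def __init__(self, key):
        self._key = key
        self.entries = []

    @classmethod
    def digest(cls, entry):
        # Canonical encoding so identical content always hashes identically.
        material = json.dumps({k: entry[k] for k in cls.SIGNED_FIELDS},
                              sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(material).hexdigest()

    def _tag(self, digest):
        return hmac.new(self._key, digest.encode(), hashlib.sha256).hexdigest()

    def append(self, raw, source, received_at):
        """received_at is the logger's own receipt time (ISO 8601), kept apart
        from whatever time-stamp the raw event itself claims."""
        entry = {
            "seq": len(self.entries),
            "received_at": received_at,
            "source": source,
            "raw": raw,
            "prev": self.entries[-1]["digest"] if self.entries else GENESIS,
        }
        entry["digest"] = self.digest(entry)
        entry["tag"] = self._tag(entry["digest"])
        self.entries.append(entry)
        return entry

    def verify(self, entries=None):
        """Return (True, None) if the chain is intact, else (False, seq) for the
        first entry whose content, position, link or tag does not check out."""
        entries = self.entries if entries is None else entries
        prev = GENESIS
        for i, e in enumerate(entries):
            if e["seq"] != i or e["prev"] != prev:             # deleted or reordered
                return False, i
            if self.digest(e) != e["digest"]:                  # content altered
                return False, i
            if not hmac.compare_digest(self._tag(e["digest"]), e["tag"]):
                return False, i                                # re-hashed without the key
            prev = e["digest"]
        return True, None


def demo():
    """Constructed events; returns verification outcomes for an intact chain
    and three tampering scenarios."""
    store = ForensicLogStore(key=b"logger-signing-key-demo")  # demo key, not a real secret
    store.append("Mar 10 14:02:11 fw01 %ASA-4-106023: Deny tcp ...", "fw01", "2024-03-10T14:02:12+00:00")
    store.append("EventID=4625 Account=jsmith SrcIP=198.51.100.7", "WIN-DC01", "2024-03-10T14:02:16+00:00")
    store.append("EventID=4624 Account=jsmith SrcIP=198.51.100.7", "WIN-DC01", "2024-03-10T14:03:02+00:00")

    edited = [dict(e) for e in store.entries]
    edited[1]["raw"] = "EventID=4624 Account=jsmith SrcIP=10.0.0.1"   # rewrite the failed logon

    forged = [dict(e) for e in store.entries]
    forged[1]["raw"] = "benign"
    forged[1]["digest"] = ForensicLogStore.digest(forged[1])         # recomputed, but no key for the tag

    deleted = [dict(e) for e in store.entries if e["seq"] != 1]      # drop the failed logon entirely

    return {
        "intact": store.verify(),
        "edited": store.verify(edited),
        "forged": store.verify(forged),
        "deleted": store.verify(deleted),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:8s} -> {result}")
```

The three failure cases are the ones a chain-of-custody argument has to answer: an edited event breaks its digest, an event re-hashed by someone without the key breaks its tag, and a deleted event breaks the sequence and the link from its successor. Note that the chain alone does not protect the most recent entries from truncation; a real deployment would also periodically anchor the latest digest somewhere the logger cannot rewrite.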

SIEM

The SIEM component provides the system with security intelligence and data mining capacities, featuring:

  • Risk assessment
  • Correlation
  • Risk metrics
  • Vulnerability scanning
  • Data mining
  • Real-time monitoring

The CloudAccess SIEM component uses a SQL database, which stores normalized information, allowing strong analysis and data mining capabilities. CloudAccess SIEM is tuned for high performance and scalability.
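As an added illustration of correlating normalized events in a SQL store against asset value, as this section and the product overview describe, the following example is not CloudAccess code: the schema, the scoring rule (failures multiplied by asset value, escalated when a later success from the same source appears), the 1..5 asset-value scale and all sample assets and events are constructed assumptions. It runs against an in-memory SQLite database from the standard library.

```python
import sqlite3

SCHEMA = """
CREATE TABLE assets (
    ip    TEXT PRIMARY KEY,
    name  TEXT NOT NULL,
    value INTEGER NOT NULL      -- business value 1 (throwaway) .. 5 (crown jewels); assumed scale
);
CREATE TABLE events (
    id       INTEGER PRIMARY KEY,
    ts       TEXT NOT NULL,     -- ISO 8601 UTC, so string order is time order
    src_ip   TEXT,
    dst_ip   TEXT,
    category TEXT NOT NULL,
    severity INTEGER NOT NULL
);
CREATE INDEX events_cat_ts ON events (category, ts);
"""

# Correlation rule (assumed scoring, not the product's): repeated logon
# failures from one source against one asset score failures * asset value;
# a later success from the same source marks a likely compromise.
CORRELATE_SQL = """
WITH fails AS (
    SELECT src_ip, dst_ip, COUNT(*) AS failures, MAX(ts) AS last_ts
    FROM events
    WHERE category = 'auth_failure' AND ts >= :since
    GROUP BY src_ip, dst_ip
)
SELECT f.src_ip, f.dst_ip, a.name AS asset, a.value AS asset_value,
       f.failures, f.failures * a.value AS score,
       EXISTS (SELECT 1 FROM events s
               WHERE s.category = 'auth_success'
                 AND s.src_ip = f.src_ip AND s.dst_ip = f.dst_ip
                 AND s.ts > f.last_ts) AS followed_by_success
FROM fails f
JOIN assets a ON a.ip = f.dst_ip
WHERE f.failures * a.value >= :threshold
ORDER BY score DESC;
"""


def open_store():
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


def load_sample(conn):
    """Constructed data: a high-value database, a low-value kiosk, a mid-value
    build agent, and three brute-force patterns of differing size."""
    conn.executemany("INSERT INTO assets VALUES (?, ?, ?)", [
        ("10.0.0.5", "crm-db", 5), ("10.0.0.9", "lobby-kiosk", 1), ("10.0.0.20", "build-agent", 3),
    ])
    rows = []
    # 4 failures against crm-db, then a success from the same source
    for i in range(4):
        rows.append((f"2024-03-10T14:02:{15 + i * 10:02d}Z", "198.51.100.7", "10.0.0.5", "auth_failure", 3))
    rows.append(("2024-03-10T14:03:01Z", "198.51.100.7", "10.0.0.5", "auth_success", 1))
    # 12 failures against the kiosk, no success: noisy but low value
    for i in range(12):
        rows.append((f"2024-03-10T14:05:{i * 4:02d}Z", "203.0.113.4", "10.0.0.9", "auth_failure", 3))
    # 3 failures against the build agent
    for i in range(3):
        rows.append((f"2024-03-10T14:07:{i * 5:02d}Z", "203.0.113.9", "10.0.0.20", "auth_failure", 3))
    conn.executemany(
        "INSERT INTO events (ts, src_ip, dst_ip, category, severity) VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()


def correlate(conn, since, threshold):
    """Return alerts as dicts, highest score first."""
    cur = conn.execute(CORRELATE_SQL, {"since": since, "threshold": threshold})
    return [dict(r) for r in cur.fetchall()]


if __name__ == "__main__":
    conn = open_store()
    load_sample(conn)
    for alert in correlate(conn, since="2024-03-10T14:00:00Z", threshold=15):
        print(alert)
```

With a threshold of 15 the twelve failures against the kiosk never surface, while four failures against the database do, and the `followed_by_success` flag separates a noisy scan from a source that eventually got in. That is the false-positive reduction the text attributes to weighting by asset value rather than by raw event count.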

Scalability and Performance – Distributed Topologies and Load Balancing.

For large, distributed networks, multiple SIEM, sensor, collector and logger components can be deployed without limit. The CloudAccess SIEM architecture supports fully customizable, multi-hierarchical, multi-tenanted deployments, enabling data from hundreds of thousands of workstations to be easily monitored and synthesized. Responsibility for analysis and storage of information can be assigned on a per-node basis; this enables reporting up to a central system, which in turn provides a global view of enterprise information risk at any given moment from a single console.
