SIEM

SIEM Technology – Security Information & Event Management


Responding effectively and in a timely manner to information security threats requires the continuous, thorough analysis of an enormous number of ongoing events. Without an automated tool to help an enterprise find patterns, filter, clean and analyze all the data that forms the context of an attack, the task of protecting the organization becomes exceedingly complex, time consuming and resource intensive. 

CloudSIEM offers an effective and efficient means to monitor your network 24/7/365, including all devices, servers, applications, users and infrastructure components, from a central cloud-based dashboard. From that "single pane of glass," you can…
Monitor all data center resources using situational behavioral context (correlation) – physical and virtual – anywhere in your enterprise
Receive real-time alerts on security or performance-impacting incidents
Perform forensic risk analysis and audits
Manage security and event logs for historical analysis
Automate compliance reporting
Assure end-user SLAs
 

CloudAccess CloudSIEM gives you information, not just data.

SIEM Technology

Overview

CloudAccess SIEM technology offers advanced intelligence capable of synthesizing the underlying risks associated with complex distributed attacks on large networks. The system considers the context of each threat and the importance of the assets involved, evaluates situational risk, discovers network inventory and distinguishes actual threats from the thousands of false positives that are produced each day in every network.

CloudAccess SIEM combines data from a wide range of sources and correlates this data to provide control and visibility:

  • Security operations use the SIEM console for attack detection and mitigation
  • Compliance auditors use the reporting dashboard to create forensically accurate reports
  • Management uses the SIEM to plan for and justify budget requests

 

SIEM In The Cloud

CloudAccess SIEM capabilities include:

  • Compliance automation
  • Low-level real-time detection of threats and anomalous activity
  • Network, host and policy auditing
  • Contextual network behavior analysis
  • Forensic log management
  • Risk-oriented security analysis
  • Executive and technical reports
  • Scalable high-performance architecture

 

CloudAccess SIEM reduces capital and operational expenses while delivering distinct value by bringing the power of intelligent contextual correlation to bear on your compliance and security management needs. Situational awareness is automatically generated by the CloudAccess SIEM, giving you the visibility necessary to operate a secure and compliant network.

CloudAccess SIEM scales across a wide range of network sizes. The hierarchical architecture of CloudAccess SIEM engines, CloudAccess Log Management forensic archives and CloudAccess Sensors, communicating over encrypted connections, addresses even the largest and most complex networks.

Real-time analysis and reporting enable security operations to identify noncompliant devices and policy violations such as changes in device configurations and unauthorized access to secure data. CloudAccess SIEM also includes availability and resource monitoring, which lets you identify systems that are failing for reasons related or unrelated to security incidents. Monitored services and hosts trigger an alert in the CloudAccess SIEM console should they become unavailable for any reason, and reporting and analytics can track resource availability over time.

Benefits

CloudAccess Security Information and Event Management (SIEM) tools allow you to constantly analyze security data and take the needed action when policies are broken:

Active Monitoring Around the Clock. CloudAccess SIEM automates the security monitoring of IT systems and controls in real time, enabling you to identify and respond to anomalies and policy violations quickly and efficiently.

Real Time Reporting. Providing service beyond simple security monitoring, CloudAccess SIEM collects, correlates, monitors and displays data from thousands of events per second in real time. This is essential for government applications and compliance regulations such as PCI-DSS, SOX, and FISMA. With CloudAccess, you have up-to-the-minute reports on your organization's security and compliance health right at your fingertips.

Information Not Just Data. CloudAccess SIEM helps you make sense of the volumes of data that your systems generate. CloudAccess's correlation capabilities allow you to build sophisticated correlation scenarios based on your specific business requirements, so you can quickly recognize new trends, attacks or violations while significantly reducing or eliminating false positives. You can manipulate and interact with real-time graphical information and drill down into historical details ranging from seconds to hours in the past.

Ensures Compliance by Strong Policy Enforcement. What if you could actually respond to incidents as they occur? CloudAccess SIEM takes policy enforcement to new levels. Automated incident response management enables you to document and formalize the process of tracking, escalating and responding to incidents and policy violations. CloudAccess can open a trouble ticket directly in its helpdesk system. CloudAccess SIEM helps you demonstrate your compliance with internal policies and with industry and government regulations such as SOX, HIPAA, GLBA, PCI-DSS, FISMA and others.

Effective Operations and Compliance Platform. CloudAccess SIEM provides the integration and control necessary for effective and efficient security operations. Context-aware correlation supplies detailed insight to identify attacks and system weaknesses, guiding remediation efforts. Real-time risk-oriented analytics allow operators to quickly identify and investigate incidents using a logical drill-down structure. Designed from the ground up for the cloud and for a multi-tenant environment, CloudAccess SIEM is highly scalable and provides automated notification of critical alarms while suppressing false-positive incidents.
Pre-configured compliance reports and the CloudAccess SIEM's intuitive report wizard make compliance auditing clear, concise and comprehensive. Compliance policies can be enacted as directives, keeping you ahead of compliance management issues.

Fast Deployment. Unlike traditional solutions, CloudAccess SIEM is deployed in hours or days (not months), depending on the number of devices to be monitored and services to be deployed. No hardware or software installation is required.

Audit, Compliance and Reporting. Whether you need to meet PCI, HIPAA, SOX or other compliance requirements, CloudAccess provides the tools that you need. With out-of-the-box compliance reporting, you can easily and quickly generate reports to meet audit requirements, saving you time, money and valuable resources.

Interoperability. Designed especially for the cloud and for a multi-tenant environment, CloudAccess is based entirely on industry standards. With over 3,000 collectors out of the box, CloudAccess SIEM can collect, aggregate, analyze and correlate logs from Windows systems, Cisco devices or virtually any other device in your environment, giving you a customized security dashboard for your specific business requirements.

Reduced IT complexity and cost. As a true cloud-based offering, there are no IT complexities and no expensive hardware or software. All you need is an Internet connection; CloudAccess takes care of the rest.

On-Demand Scalable Pay-As-You-Go Service. CloudAccess SIEM is a service with a pay-as-you-go, events-per-second (EPS) subscription model. Unlike expensive traditional models, there are no perpetual licenses or license fees, and no hardware or software costs. After you connect your devices, CloudAccess SIEM takes care of the rest; all you need is an Internet connection. Software upgrades are automatic. CloudAccess web-based administration provides the security dashboard, reports and analysis tools that you need to monitor and manage your security environment. Simple, reliable and effective.

Not Just Log Management. Integrated Modular System Supporting Your Growth. Unlike other products, the CloudAccess SingleSource platform provides a comprehensive suite of products including Web SSO, SaaS SSO, Identity Management, SIEM and Log Management. Start with SIEM and add other modules later. Manage all your devices from one management console, enabling centralized access control.

Proven Technology. CloudAccess technology has been used in large organizations and government agencies supporting very large numbers of devices. CloudAccess SIEM is designed for the cloud as a multi-tenant, high-performance and scalable system based on the latest SOA and web services technologies. There are no agents to install.
 

Features

CloudAccess SIEM brings the power of intelligent contextual correlation to bear on your compliance and security management needs. Situational awareness is automatically generated by the CloudAccess SIEM, giving you the visibility necessary to operate a secure and compliant network. It also provides security intelligence and data mining capabilities, featuring:

  • Risk assessment
  • Correlation
  • Risk metrics
  • Vulnerability scanning
  • Data mining
  • Real-time monitoring
     

CloudAccess SIEM uses a SQL database that stores normalized information, allowing strong analysis and data mining capabilities. CloudAccess SIEM is tuned for high performance and scales to many millions of events per day. A partial list of CloudAccess SIEM features includes:

  • Compliance automation
    • Hundreds of canned compliance reports
    • Advanced reporting wizard
    • Forensic auditing console
  • Advanced contextual correlation
    • Network and applications
    • Events and flows
    • Asset inventory
    • Intrusion detection
    • Vulnerability assessment/database
    • Reliable attack detection
  • Drill‐down risk oriented analysis
  • Compliance reports and dashboards
  • Automated asset inventory
  • Availability and resource monitoring
  • Comprehensive incident management system
  • Real‐time analysis and reporting
  • Automated network profile and inventory management
  • Hierarchical, distributed architecture
  • Real‐time attack identification
  • Pre‐installed security and compliance directives
  • Integrated wireless, host and network IDS/IPS
  • Connectors for thousands of event sources
  • Flexible and customizable dashboards
  • Granular user management
  • Search
  • Real-time alarms

Specifications

Architecture
CloudAccess SIEM and Log Management architecture has three key components:

SENSORS

Sensors are the distributed detection points of the system. Each sensor collects a wide range of information about its local environment, processes it, and coordinates detection and response with the rest of the distributed CloudAccess components. An individual sensor packs an arsenal of security technology into a single device, so the combined capabilities of numerous detection and control points are globally visible, with compliance management tools available to operations and executive staff.

Sensors are installed on network segments and in remote locations and can be deployed in an agent or agent-less architecture depending on your requirements. They inspect all traffic and detect attacks through various methods, all while collecting information on attack context without affecting network performance.

CloudAccess sensors utilize more than ten expert systems that identify attacks along five different axes:

 

CloudAccess sensors locate both known and unknown attacks in real time. This is possible because a learning engine and anomaly detection are integrated as standard in all products.

Vulnerability detection systems discover and identify latent network weaknesses so they can be corrected before an attack occurs. This information, stored by the management server, is also vital while an attack is in progress: prior knowledge of the vulnerabilities in a system is critical when assessing the risk associated with an attack and when prioritizing, alerting and launching countermeasures.
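The risk-oriented correlation described here, and in the Overview and "Information Not Just Data" passages above, as an added Python example; this is not CloudAccess's own engine. A directive fires when repeated authentication failures from one source are followed by a success from that source, and each alarm is scored with a hypothetical priority × reliability × asset-value formula. The asset inventory, the events and the rule parameters are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory (hypothetical): criticality on a 1-5 scale and
# the attack classes the host is already known to be exposed to, e.g. from a
# vulnerability scan showing no account lockout policy.
ASSETS = {
    "win-dc01": {"value": 5, "exposed_to": {"brute_force"}},
    "lab-vm":   {"value": 1, "exposed_to": set()},
}

# Constructed directive: N failures from one source inside the window,
# followed by a success from the same source.
RULE = {"name": "auth_failures_then_success", "attack_class": "brute_force",
        "priority": 4, "base_reliability": 6,
        "window": timedelta(minutes=5), "threshold": 3}


def ts(hour, minute):
    return datetime(2024, 1, 15, hour, minute)


def ev(hour, minute, event_type, src_ip, host, user):
    return {"ts": ts(hour, minute), "event_type": event_type,
            "src_ip": src_ip, "host": host, "user": user}


# Constructed, already-normalized events (what a collector would emit).
EVENTS = [
    # four failures then a success against the domain controller
    ev(14, 0, "auth_failure", "198.51.100.23", "win-dc01", "jsmith"),
    ev(14, 1, "auth_failure", "198.51.100.23", "win-dc01", "jsmith"),
    ev(14, 2, "auth_failure", "198.51.100.23", "win-dc01", "jsmith"),
    ev(14, 3, "auth_failure", "198.51.100.23", "win-dc01", "jsmith"),
    ev(14, 4, "auth_success", "198.51.100.23", "win-dc01", "jsmith"),
    # two typos then a success from an internal desktop: below threshold
    ev(14, 10, "auth_failure", "10.0.0.5", "win-dc01", "mlee"),
    ev(14, 11, "auth_failure", "10.0.0.5", "win-dc01", "mlee"),
    ev(14, 12, "auth_success", "10.0.0.5", "win-dc01", "mlee"),
    # five failures then a success against a low-value lab box
    ev(15, 0, "auth_failure", "203.0.113.9", "lab-vm", "root"),
    ev(15, 1, "auth_failure", "203.0.113.9", "lab-vm", "root"),
    ev(15, 2, "auth_failure", "203.0.113.9", "lab-vm", "root"),
    ev(15, 3, "auth_failure", "203.0.113.9", "lab-vm", "root"),
    ev(15, 4, "auth_failure", "203.0.113.9", "lab-vm", "root"),
    ev(15, 5, "auth_success", "203.0.113.9", "lab-vm", "root"),
]


def score(host, attempts, rule=RULE):
    """Hypothetical risk formula (not the vendor's): priority x reliability x
    asset value, scaled to 0-10. Reliability grows with the evidence (extra
    attempts) and with prior knowledge that the asset is exposed to this
    attack class; unknown hosts get a modest default value."""
    asset = ASSETS.get(host, {"value": 2, "exposed_to": set()})
    reliability = rule["base_reliability"] + (attempts - rule["threshold"])
    if rule["attack_class"] in asset["exposed_to"]:
        reliability += 3
    reliability = min(reliability, 10)
    risk = round(rule["priority"] * reliability * asset["value"] / 25, 1)
    return risk, reliability


def correlate(events, rule=RULE):
    """Run the directive over a stream of normalized events; return alarms
    sorted by risk so the highest-value target is investigated first."""
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    alarms = []
    for e in sorted(events, key=lambda x: x["ts"]):
        src = e["src_ip"]
        # slide the window: forget failures older than the rule window
        failures[src] = [t for t in failures[src] if e["ts"] - t <= rule["window"]]
        if e["event_type"] == "auth_failure":
            failures[src].append(e["ts"])
        elif e["event_type"] == "auth_success" and len(failures[src]) >= rule["threshold"]:
            attempts = len(failures[src])
            risk, reliability = score(e["host"], attempts, rule)
            alarms.append({"rule": rule["name"], "ts": e["ts"], "src_ip": src,
                           "host": e["host"], "user": e["user"], "attempts": attempts,
                           "reliability": reliability, "risk": risk})
            failures[src].clear()  # one alarm per burst, not one per success
    return sorted(alarms, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for alarm in correlate(EVENTS):
        print(f"risk={alarm['risk']:>4}  {alarm['src_ip']} -> {alarm['host']} "
              f"({alarm['attempts']} failures, reliability {alarm['reliability']})")
```

The same sequence produces two alarms with very different risk: the domain controller, which the inventory marks as exposed to brute force, scores near the top of the scale, while the lab box scores about 1, and the internal user who mistyped a password twice produces no alarm at all. That is the practical meaning of "considers the importance of the assets involved": the rule logic is identical, only the context differs.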

The network information gathered by CloudAccess sensors provides detailed real-time status of each host's network usage and stores this data for analysis. Every CloudAccess deployment automatically creates a highly detailed usage profile for each element on the network that it is monitoring.

CloudAccess collectors gather the events generated by the CloudAccess Sensors and any external system. Collectors classify and normalize the events before sending them to the CloudAccess SIEM and Logger. In order to support the maximum possible number of applications and devices, collectors use data source connectors (also called collection plugins):

  • Each connector defines how events generated by each device will be collected and normalized
  • Connectors can be configured using a simple configuration file and regular expressions to define the format of each type of event
  • The collector component can be deployed as a standalone system or included in the sensor or SIEM appliance, depending on the performance need
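The connector mechanism described in the three points above, as an added Python example rather than CloudAccess's own plugin code: a few connector definitions written in a plain config-file style, each a regex with named groups plus the static fields every match receives, applied to constructed raw log lines. The config layout, the section names and the normalized field names are assumptions made for the example; lines that no connector understands are reported rather than dropped, which is the check a practitioner wants when judging collector coverage.

```python
import configparser
import re

# Constructed connector definitions in a plain config-file style. This is a
# hypothetical layout, not the vendor's actual plugin syntax: each section is
# one event type, its regex's named groups become normalized fields, and the
# remaining keys are static fields stamped onto every match.
CONNECTOR_CONFIG = r"""
[cisco_ios_login_failed]
regex = ^(?P<host>\S+) %SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>[^\]]+)\] \[Source: (?P<src_ip>[0-9.]+)\]
event_type = auth_failure
severity = 4

[windows_logon_failed]
regex = ^(?P<host>\S+) Security: EventID=4625 TargetUserName=(?P<user>\S+) IpAddress=(?P<src_ip>[0-9.]+)
event_type = auth_failure
severity = 4

[windows_logon_success]
regex = ^(?P<host>\S+) Security: EventID=4624 TargetUserName=(?P<user>\S+) IpAddress=(?P<src_ip>[0-9.]+)
event_type = auth_success
severity = 1
"""

# Constructed raw lines, shaped like what a syslog forwarder might deliver.
RAW_EVENTS = [
    "core-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.23]",
    "win-dc01 Security: EventID=4625 TargetUserName=jsmith IpAddress=198.51.100.23",
    "win-dc01 Security: EventID=4624 TargetUserName=jsmith IpAddress=10.0.0.5",
    "app-01 some application wrote a line no connector understands",
]


def load_connectors(config_text):
    """Parse the config into a list of (name, compiled_regex, static_fields)."""
    # '%' must stay literal in the Cisco pattern, and the regexes contain ':'
    # so only '=' is accepted as the key/value delimiter.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(config_text)
    connectors = []
    for name in cp.sections():
        fields = dict(cp[name])
        pattern = re.compile(fields.pop("regex"))
        fields["severity"] = int(fields["severity"])
        connectors.append((name, pattern, fields))
    return connectors


CONNECTORS = load_connectors(CONNECTOR_CONFIG)


def normalize(raw_line, connectors=CONNECTORS):
    """Return the normalized event for the first matching connector, or None.

    The raw line travels with the event so the original text survives for
    forensic review; the named groups and static fields supply the common
    schema (event_type, src_ip, user, severity) that correlation keys on.
    """
    for name, pattern, static_fields in connectors:
        match = pattern.match(raw_line)
        if match:
            event = {"plugin": name, "raw": raw_line}
            event.update(match.groupdict())
            event.update(static_fields)
            return event
    return None


def normalize_all(raw_lines, connectors=CONNECTORS):
    """Normalize a batch. Lines no connector understands come back in a
    separate list instead of vanishing, so coverage gaps stay visible."""
    parsed, unparsed = [], []
    for line in raw_lines:
        event = normalize(line, connectors)
        if event is None:
            unparsed.append(line)
        else:
            parsed.append(event)
    return parsed, unparsed


if __name__ == "__main__":
    events, leftovers = normalize_all(RAW_EVENTS)
    for event in events:
        print(event["plugin"], event["event_type"], event["src_ip"], event["user"])
    print("unparsed:", leftovers)
```

Two details matter in production: the regexes are anchored at the start of the line so a connector cannot accidentally match a substring of a different device's message, and the unparsed count is the metric to watch after every connector or firmware change, because a silently unparsed source is a blind spot in every downstream correlation rule.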

 

THE LOGGER

The logger component stores events in raw format in a forensically secure appliance. Events are digitally signed before storage so that their integrity can be demonstrated if they are needed as evidence. The logger component allows storage of an unlimited number of events for forensic purposes.
Loggers should be deployed so as to preserve chain of custody. The logger also supports encrypted communications from the originating device: the OpenVPN client included with CloudAccess Logger can be used to create a secure channel for events from host sources.
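What "digitally signed and stored" buys you, as an added Python example that is not CloudAccess's storage format: each raw event is kept verbatim, linked to the previous record, and authenticated with a key the event sources never hold. A keyed hash (HMAC-SHA256) stands in for the signature so the example runs with only the standard library; a real logger would use an asymmetric signature or a key held in an HSM, which is an assumption of this illustration. The sample events are constructed.

```python
import copy
import hashlib
import hmac
import json

# Demo key only. In a deployment the key lives on the logger (or an HSM),
# never on the sensors or hosts that produce events, so a compromised source
# cannot forge or re-sign records after the fact.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64


def _tag(key, record):
    """HMAC-SHA256 over the canonical JSON of seq, prev and raw."""
    body = json.dumps({k: record[k] for k in ("seq", "prev", "raw")},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class RawEventLogger:
    """Append-only store: each record carries the tag of its predecessor."""

    def __init__(self, key=SIGNING_KEY):
        self.key = key
        self.records = []

    def append(self, raw_event):
        """Store the event verbatim, chained to the previous record."""
        prev = self.records[-1]["tag"] if self.records else GENESIS
        record = {"seq": len(self.records), "prev": prev, "raw": raw_event}
        record["tag"] = _tag(self.key, record)
        self.records.append(record)
        return record


def verify_chain(key, records):
    """Return (True, -1) if the chain is intact, else (False, first bad index).

    Detects edits (tag mismatch), deletion or reordering (seq/prev mismatch)
    and insertion. Truncating the tail is not detectable from the records
    alone; that needs the latest tag anchored out of band, e.g. published
    to a separate system on a schedule, which this demo does not cover.
    """
    prev = GENESIS
    for i, record in enumerate(records):
        if record["seq"] != i or record["prev"] != prev:
            return False, i
        if not hmac.compare_digest(record["tag"], _tag(key, record)):
            return False, i
        prev = record["tag"]
    return True, -1


# Constructed raw events as a collector would forward them.
SAMPLE_EVENTS = [
    "win-dc01 Security: EventID=4625 TargetUserName=jsmith IpAddress=198.51.100.23",
    "win-dc01 Security: EventID=4624 TargetUserName=jsmith IpAddress=198.51.100.23",
    "core-rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]


def demo():
    """Write three events, then show what an attacker's edits do to the chain."""
    logger = RawEventLogger()
    for event in SAMPLE_EVENTS:
        logger.append(event)
    intact = verify_chain(logger.key, logger.records)

    # Rewriting history: turn the successful logon into another failure.
    edited = copy.deepcopy(logger.records)
    edited[1]["raw"] = edited[1]["raw"].replace("4624", "4625")
    edit_result = verify_chain(logger.key, edited)

    # Removing the first failure so the logon looks clean.
    shortened = copy.deepcopy(logger.records)
    del shortened[0]
    delete_result = verify_chain(logger.key, shortened)
    return intact, edit_result, delete_result


if __name__ == "__main__":
    print(demo())  # (True, -1), (False, 1), (False, 0)
```

Every record in the chain can be handed to an auditor together with the logger's verification key, and the first index at which verification fails tells you exactly where the record set stops being trustworthy. Because the raw line is what gets authenticated, normalization can be redone later with better connectors without touching the evidential copy.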

 

SIEM
The SIEM component provides the system with security intelligence and data mining capabilities, featuring:

  • Risk assessment
  • Correlation
  • Risk metrics
  • Vulnerability scanning
  • Data mining
  • Real-time monitoring

 

The CloudAccess SIEM component uses a SQL database, which stores normalized information, allowing strong analysis and data mining capabilities. CloudAccess SIEM is tuned for high performance and scalability.

 

Scalability and Performance - Distributed Topologies and Load Balancing.

For large, distributed networks, multiple SIEM, sensor, collector and logger components can be deployed without limit. The CloudAccess SIEM architecture supports fully customizable, multi-hierarchical, multi-tenanted deployments, enabling data from hundreds of thousands of workstations to be monitored and synthesized. Responsibility for analysis and storage of information can be assigned on a per-node basis, with each node reporting up to a central system that in turn provides a global view of enterprise information risk at any given moment from a single console.
