SIEM Plan


What is SIEM?

SIEM, or Security Information and Event Management, is a branch of IT security that grew out of log centralization. The goal of a SIEM is to correlate events, detect security incidents and report on them.

The Energy Logserver in the SIEM plan is a powerful tool that is able to detect, alert on and indicate threats inside an IT architecture. It has an advanced internal system for calculating the weight of incidents, which can then be assigned to users. This means that the Energy Logserver SIEM not only detects incidents, but can also analyze them in terms of priority.

In order to detect suspicious activity such as intrusion attempts, anomalies, misconfigured applications and unauthorized user actions, we correlate all sorts of log sources.

The Energy Logserver SIEM plan is based on an architecture of a central server and optional agents. Data is analyzed and matched against security schemes. The application provides access to a rich base of predefined correlation rules and visualizations, which allows you to start working immediately with your SIEM Plan.
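The two paragraphs above describe correlating events from several log sources and weighting the resulting incidents. The following is an added illustration of that idea in Python; it is not Energy Logserver code and does not reproduce any of its predefined rules. The log lines, the two source formats (a hypothetical SSH auth log and a hypothetical firewall log), the IP addresses (documentation ranges) and the rule thresholds are all constructed for the example.

```python
"""Minimal multi-source correlation with incident weighting (added example,
not Energy Logserver code). Two log formats are normalized onto one event
schema and a single rule is evaluated across both sources."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. Source "auth" is a hypothetical sshd log,
# source "fw" a hypothetical firewall log. IPs are from documentation ranges.
SAMPLE_LOGS = [
    ("auth", "2024-01-10T10:00:01 sshd[101]: Failed password for admin from 203.0.113.5 port 51234 ssh2"),
    ("auth", "2024-01-10T10:00:03 sshd[101]: Failed password for admin from 203.0.113.5 port 51235 ssh2"),
    ("auth", "2024-01-10T10:00:05 sshd[101]: Failed password for admin from 203.0.113.5 port 51236 ssh2"),
    ("auth", "2024-01-10T10:00:09 sshd[101]: Accepted password for admin from 203.0.113.5 port 51237 ssh2"),
    ("fw",   "2024-01-10T10:00:30 DENY src=203.0.113.5 dst=10.0.0.7 dport=445"),
    ("auth", "2024-01-10T10:05:00 sshd[102]: Failed password for bob from 198.51.100.9 port 40000 ssh2"),
    ("auth", "2024-01-10T10:05:02 sshd[102]: Accepted password for bob from 198.51.100.9 port 40001 ssh2"),
]

AUTH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<action>DENY|ALLOW) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def normalize(source, line):
    """Map a raw line from either source onto a common event dict, or None."""
    if source == "auth":
        m = AUTH_RE.match(line)
        if not m:
            return None
        return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "user": m["user"],
                "type": "auth_fail" if m["result"] == "Failed" else "auth_success"}
    if source == "fw":
        m = FW_RE.match(line)
        if not m:
            return None
        return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "dst": m["dst"],
                "dport": int(m["dport"]), "user": None,
                "type": "fw_deny" if m["action"] == "DENY" else "fw_allow"}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Rule (constructed for the example): at least `threshold` failed logins
    from one source address followed by a successful login within `window`
    opens an incident with a base weight; a firewall DENY from the same
    address shortly afterwards raises the incident's weight."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)   # src address -> timestamps of recent failures
    incidents = []
    for e in events:
        if e["type"] == "auth_fail":
            failures[e["src"]].append(e["ts"])
        elif e["type"] == "auth_success":
            recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                incidents.append({"src": e["src"], "user": e["user"], "ts": e["ts"],
                                  "failures": len(recent), "weight": 50})
            failures[e["src"]].clear()   # a success resets the counter for that source
        elif e["type"] == "fw_deny":
            for inc in incidents:
                if inc["src"] == e["src"] and e["ts"] - inc["ts"] <= window:
                    inc["weight"] += 20  # same source now probing internal hosts
    return incidents


def run(logs=SAMPLE_LOGS):
    """Normalize every line (dropping unparseable ones) and apply the rule."""
    events = [ev for src, line in logs if (ev := normalize(src, line)) is not None]
    return correlate(events)


if __name__ == "__main__":
    for inc in run():
        print(inc)
```

The key design point is the normalization step: once every source is mapped onto the same field names (`ts`, `src`, `type`), one rule can reason across sources without knowing their native formats, and the weight attached to the incident is what a prioritization step would later sort on.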

Log Analytics
Strong integration with various data sources provides the necessary monitoring and response capabilities. The ELS SIEM plan will help you collect, aggregate, index and analyze security data.
Compliance

Energy Logserver with the SIEM plan ensures compliance with many important regulations and safety standards. Extensive functionality, scalability and support for multiple platforms allow the organization to meet the technical requirements of the required standards. The system provides ready-made reports and visualizations for regulations such as PCI DSS, GDPR, CIS and GPG13.

Incident Response
Energy Logserver in the SIEM plan provides prepared sets of active reactions to handle detected threats, for example blocking access to the system from an infected source when the defined criteria are met. It can also be used to run remote commands and scripts for integrated solutions, to identify IOCs, and to support ongoing incident investigation and response.
Intrusion Detection
Optional agents scan monitored systems for malware, rootkits and suspicious anomalies. Agents make it possible, or easier, to detect hidden files, masked processes and unrecorded network listeners, as well as inconsistencies in the responses to system calls.
Security Analytics
The ELS SIEM plan receives logs from operating systems and applications and then analyzes them using a large database of predefined rules. This allows the tool to find system and application errors, wrong configurations, attempted and successful attacks, security policy violations and a number of other security-related problems.

Cloud security
The SIEM plan of Energy Logserver allows you to watch over the cloud environment from the API level. This is possible thanks to integration modules that collect security data from clouds provided by Amazon AWS, Microsoft Azure or Google Cloud. The tool also provides a set of rules to assess the configuration of the cloud environment and catch potential security holes.
File Integrity
The application monitors selected files, supervising changes in content, permissions, properties and file attributes. Every change to both the data and the metadata of a file is detected by the ELS system and reported.
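The paragraph above describes the two halves of file integrity monitoring: a change in a file's data and a change in its metadata. The following Python is an added example of how such a check is built from a baseline snapshot and a later comparison; it is not Energy Logserver's implementation. The directory layout, file names and modifications are constructed inside a temporary directory so the example runs offline; the attribute set recorded (SHA-256 of content, permission bits, owner, size, modification time) is an assumption of this example.

```python
"""Baseline-and-compare file integrity check (added example, not ELS code).
Content changes are detected by hash, metadata changes by stat() fields."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _fingerprint(path):
    """Record what we care about for one regular file: content hash plus metadata."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size,
            "mtime_ns": st.st_mtime_ns}


def snapshot(root):
    """Fingerprint every regular file under root (symlinks are skipped, not followed)."""
    root = Path(root)
    return {str(p.relative_to(root)): _fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def compare(baseline, current):
    """Return (relative_path, finding) tuples for every difference between two snapshots."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append((rel, "deleted"))
            continue
        if rel not in baseline:
            findings.append((rel, "added"))
            continue
        b, c = baseline[rel], current[rel]
        if b["sha256"] != c["sha256"]:
            findings.append((rel, "content_changed"))
        if b["mode"] != c["mode"]:
            findings.append((rel, "permissions_changed"))
        if (b["uid"], b["gid"]) != (c["uid"], c["gid"]):
            findings.append((rel, "owner_changed"))
        # Same bytes but a different mtime: timestamp was touched without a content change.
        if b["sha256"] == c["sha256"] and b["mtime_ns"] != c["mtime_ns"]:
            findings.append((rel, "timestamp_changed"))
    return findings


def demo():
    """Constructed scenario: edit one file, chmod another, delete a third, add a fourth."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.conf").write_text("listen=443\n")
        (root / "run.sh").write_text("#!/bin/sh\necho ok\n")
        (root / "stale.txt").write_text("old\n")
        baseline = snapshot(root)

        (root / "app.conf").write_text("listen=8080\n")   # content change
        os.chmod(root / "run.sh", 0o777)                   # permission change only
        (root / "stale.txt").unlink()                      # deletion
        (root / "dropped.bin").write_bytes(b"\x00\x01")    # new file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding:20s} {path}")
```

Hashing the content rather than trusting size and mtime is what catches an edit that preserves both; conversely, reporting a timestamp change on unchanged bytes is worth keeping, since it is a common sign of a file being rewritten in place. A production baseline would itself need to be stored somewhere the monitored host cannot rewrite.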
Vulnerability Detection
The ELS SIEM plan correlates data from the monitored environment with constantly updated CVE (Common Vulnerabilities and Exposures) databases to identify potential vulnerabilities and exploits in the system. An automated resilience assessment allows you to find weaknesses in resources and helps you take appropriate corrective actions.
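The paragraph above describes matching what is installed against a vulnerability database and turning the matches into a prioritized list. The following Python is an added example of that correlation step; it is not Energy Logserver code and uses no real CVE data. The host inventory, the advisory feed, its placeholder identifiers and the CVSS-style scores are all constructed, and the version comparison assumes dotted numeric versions with an optional distro suffix after a hyphen.

```python
"""Match a software inventory against an advisory feed and rank the hits
(added example, not ELS code). Advisory ids are placeholders, not real CVEs."""
import re
from dataclasses import dataclass


def parse_version(v):
    """'3.0.8' -> (3, 0, 8); a suffix such as '-2ubuntu1' is ignored for comparison."""
    return tuple(int(x) for x in re.findall(r"\d+", v.split("-", 1)[0]))


@dataclass(frozen=True)
class Advisory:
    id: str        # placeholder identifier, constructed for the example
    package: str
    fixed_in: str  # first version that is no longer affected
    cvss: float    # constructed severity score used for ranking


# Constructed advisory feed. None of these ids or versions refer to real CVEs.
ADVISORIES = [
    Advisory("CVE-0000-0001 (placeholder)", "openssl", "3.0.8", 7.5),
    Advisory("CVE-0000-0002 (placeholder)", "nginx", "1.25.1", 5.3),
    Advisory("CVE-0000-0003 (placeholder)", "postgresql", "15.3", 8.8),
]

# Constructed inventory: host -> {package: installed version}.
INVENTORY = {
    "web01": {"openssl": "3.0.2-1", "nginx": "1.24.0"},
    "db01": {"openssl": "3.0.9", "postgresql": "15.1"},
}


def find_vulnerable(inventory, advisories):
    """Report every (host, package) whose installed version is below the fix,
    ordered by descending severity so the riskiest items come first."""
    findings = []
    for host, packages in inventory.items():
        for adv in advisories:
            installed = packages.get(adv.package)
            if installed is None:
                continue
            if parse_version(installed) < parse_version(adv.fixed_in):
                findings.append({"host": host, "package": adv.package,
                                 "installed": installed, "fixed_in": adv.fixed_in,
                                 "advisory": adv.id, "cvss": adv.cvss})
    return sorted(findings, key=lambda f: (-f["cvss"], f["host"], f["package"]))


if __name__ == "__main__":
    for f in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"{f['cvss']:4.1f}  {f['host']:6s} {f['package']:11s} "
              f"{f['installed']} < {f['fixed_in']}  {f['advisory']}")
```

The ranking by score is the "assessment" part of the paragraph: the same match list, ordered by severity, tells an operator which corrective action to take first. Real feeds express affected ranges in richer ways than a single fixed version, so a production matcher needs a proper version-range model, but the shape of the correlation is the same.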
Configuration Assessment
ELS monitors application and system settings in order to confirm their compliance with the accepted rules and safety standards. If installed, agents perform scans on a scheduled basis to detect software that may be vulnerable, out of date or misconfigured.