Event log management / security information event management (SIEM) is considered an IT best practice, and for regulated industries, an audit compliance requirement.  The challenge is how to consistently aggregate, decipher and normalize non-standard log formats; manage massive volumes of event log data for real-time and historic analysis; correlate and consolidate complex event log data to yield actionable intelligence; and maximize event log value to support IT service reliability.

Integrity offers SIEM in a managed security services provider (MSSP) model.  With these services, dubbed Integrity Security Incident Management (ISIM) and ISIM Express, Integrity has taken the hassle out of security event and log management.  We place a collector at a client site and send data back to our multi-tenant analysis environment.  This MSSP model eliminates the costly capital investment of traditional SIEM implementations and reduces implementation from months to hours.  It also relieves our clients of the need to recruit and retain security professionals with the expertise to manage such a unique and complex environment.

With support for multi-vendor device sources and advanced parsing technology, Integrity can collect, parse, correlate and store logs from virtually all IT infrastructure sources. As event logs are received, the solution automatically identifies the device type and determines how to process them.

  • Network activity logs from Firewalls, Routers, Switches, VPN Gateways, Wireless LAN, Web/Mail Security Gateways, and Network IPS
  • Network resource utilization and anomaly detection from network flow data
  • Server operating system activity logs from Windows, Unix, Linux and virtual machines
  • Network infrastructure application logs from domain controllers, authentication servers, DNS and DHCP servers, and vulnerability management servers
  • User application logs from web, application, and database servers

The parser intelligently categorizes the source of the log into different device groups such as Firewalls, Routers/Switches, Wireless LAN Controllers, Printers, etc. It also groups sources into various server categories such as Windows, Unix, VMware, and storage devices.

An advanced analytics engine detects patterns in data over a rolling time window, including very complex patterns that combine network, system, application and user activity. The built-in analytics engine can be easily extended using XML-based definitions.  The resulting alerts are reviewed by security engineers and communicated to our clients based on pre-determined risk profiles.

For more information on Integrity's ISIM services, including screenshots of our robust reporting and dashboard features, please select a link below. 


ISIM ISIM-Express