The management of IT security incidents is a process that enables companies to
detect incidents against their computer systems and provides support for the organized
elimination of these threats as fast as possible. The purpose of incident management
is to provide a timely solution and to handle the situations that have developed,
thereby minimizing their impact on business operations. One of the first steps of
efficient incident management is the detection of the incidents. Without very
sophisticated and specialized systems, this is an almost impossible task when firewalls,
intrusion prevention tools, virus protection systems, vulnerability analyzers and
other systems generate several million log entries per day.
netForensics
In general, there is no connection between unrelated systems that would highlight
log entries that might be related, or that could compare the information generated
by one tool with the information generated by the rest of the tools. The
nFX SIM|One product of NetForensics is capable of receiving and processing the
log entries of various products. By analyzing the log entries that come together
on the central device, it is capable of highlighting events that would not have
been visible in the separate data sets. The automated analyses ensure
that the security staff are not spending 90% of their working time analyzing
the logs. This significantly increases the efficiency of both the
security system and the security staff.
nFX SIM|One is capable of generating reports from analyses designed for technicians
all the way through comprehensive summary reports, presentable to management.
In addition to the built-in reporting templates, the user's own Crystal Reports
templates can also be used.
Redundancy
nFX SIM|One redundancy can be implemented at every level of the system, even
if the installations are distributed geographically. The correlations among the
events are assessed in such a manner that the workload distribution system ensures
availability even if a high volume of log entries needs to be processed (for example,
during a DoS attack). The redundancy among the sites enables every task (receipt of
log entries, analysis, reporting and system compliance checks) to be fulfilled from
the second site if the primary site goes down.
Logging
The robust but also flexible data structure of nFX SIM|One enables the preservation
of data integrity and the fulfillment of the audit and reporting requirements.
There is a separate interface for monitoring the status of the system (System
Health Monitor). It provides accurate, on-line information about the status of
every element, and generates alarms if they malfunction.
Cisco MARS
Cisco Security MARS is a powerful, highly scalable family of devices used for
the management, monitoring and elimination of threats, by which the customers
can utilize their network and security devices more efficiently.
- Cisco Security MARS combines the traditional monitoring of security events with
  network intelligence featuring automated threat elimination functions.
- It filters the data flowing through several network components (Cisco or other
  products), finds the correlations among them, then aborts any attacks.
- It is capable of stopping attacks in progress and exploring the path of the attack.
- The dedicated device can be put to use rapidly and simply.
- It is capable of handling as many as 10 000 events per second.
Cisco Security MARS is part of the Cisco Security Management Suite security monitoring
package, which enables the administration and comprehensive deployment of the
Cisco security tools that protect networks.
Netforensics Log One
The Log One solution collects the logs, sorts, compresses and encrypts them,
then presents the logs in reports compliant with the applicable rules and audits. nFX Log
One will save your company a large part of the costs associated with log collection,
and thanks to its built-in reports, you can forget about the headaches that have
so far been a usual consequence of sophisticated log analysis involving lots of
administration. The recently introduced version 6.0 of the nFX Log One product carries
on the enterprise-level log management functionality this product has always
been known for, which supports organizations in meeting all requirements based
on the collected event logs. The new features are mainly owed to the new
architecture and enhanced scalability, and include syslog data collection, extended
data collection, compression, validation capabilities, support for 64-bit systems,
and a streamlined user interface. Its ability to collect and interpret logs from almost
every tool and application elevates the value of log collection to a high level
and gives it a prominent role in the fulfillment of audits. With these new
features the nFX Log One solution performs well at any level and extent of
enterprise IT systems.
Balabit SysLog NG
BalaBit IT Security is a company developing security technology software, which
was established in Hungary and has been operating in the international markets
from the very beginning. The development and sales center of BalaBit is located
in Budapest; in addition, the company also has a German subsidiary in Munich,
which coordinates sales in Western Europe.
syslog-ng PE is a multi-platform central logging solution, which includes the
logging client and the logging server as well.
On the one hand, the log analyzers prepare reports automatically and upon individual
request, from which the administrators operating the system can monitor its general
status. The statistics may cover the peak and average load of the network
connection, the processors or the hard disks, the distribution of the use of
certain services and many other features. On the other hand, the log analyzers
are also capable of detecting the occurrence of predefined events and sending alerts
on the predefined channels. In fact, the predefined events are intelligence programmed
by the operators, by which the analyzing software knows which network states,
when occurring together, may indicate an event giving cause for security concern.
Alerts may be triggered by monitoring specific values, but the more sophisticated,
self-learning systems are capable of sending alerts, similarly to the analysis
of stock market charts, if the shape of certain time diagrams departs from normal.
With the periodically generated reports, the operators of the network can easily
fulfill the documentation requirements of the various audits.
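The correlation that both the nFX SIM|One description above and the "predefined events" programmed by operators rely on can be illustrated with a small rule run over constructed log lines; this is an added example, not code from any of the products on this page. It assumes a simple one-line-per-event syslog layout with key=value fields and invented device names and addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (invented hosts and documentation-range addresses):
# one firewall and one IDS reporting to the same central collector. Neither set alone
# looks alarming; together they describe one host probing ports and then hitting a signature.
SAMPLE_LOGS = """\
2009-03-02T10:00:01 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=22
2009-03-02T10:00:02 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=23
2009-03-02T10:00:03 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=445
2009-03-02T10:00:09 ids01 ALERT sig=PORTSCAN src=198.51.100.7 dst=10.0.0.5
2009-03-02T10:05:00 fw01 DENY src=203.0.113.9 dst=10.0.0.8 dport=80
2009-03-02T11:00:00 ids01 ALERT sig=SQLI src=203.0.113.9 dst=10.0.0.8
"""

LINE_RE = re.compile(r"(?P<ts>\S+) (?P<host>\S+) (?P<kind>DENY|ALERT) (?P<fields>.*)")

def parse(text):
    """Turn raw syslog text into dicts with a datetime and the key=value fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable lines are skipped here; a real collector would count them
        fields = dict(kv.split("=", 1) for kv in m["fields"].split())
        events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                       "kind": m["kind"], **fields})
    return events

def correlate(events, min_denies=3, window=timedelta(minutes=1)):
    """Predefined correlation rule: a source address with at least `min_denies`
    firewall denies in the `window` before an IDS alert counts as one incident.
    Returns {src_ip: signature} for the sources that satisfy the rule."""
    denies = defaultdict(list)
    for e in events:
        if e["kind"] == "DENY":
            denies[e["src"]].append(e["ts"])
    incidents = {}
    for e in events:
        if e["kind"] != "ALERT":
            continue
        recent = [t for t in denies[e["src"]] if e["ts"] - window <= t <= e["ts"]]
        if len(recent) >= min_denies:
            incidents[e["src"]] = e["sig"]
    return incidents

if __name__ == "__main__":
    print(correlate(parse(SAMPLE_LOGS)))  # only the first source meets the rule
```

The second source produces one deny and an alert nearly an hour later, so it falls outside the window and is not reported; tuning `min_denies` and `window` is exactly the operator-programmed intelligence the text refers to.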
WHY SYNERGON SYSTEM INTEGRATOR?
Synergon has outstanding professional skills not only in the field of incident
management but, as a supplier of comprehensive infrastructure, it is also an expert
in a wide range of solutions to be integrated, which supports the successful
implementation of projects. Thanks to these skills, both the individual elements and
the designs that require knowledge of the correlations among them can be delivered easily.
FREQUENTLY ASKED QUESTIONS
What is the difference between incident management systems and system management
applications?
Incident management systems are targeted solutions developed expressly for the
management of security events. Their internal correlation engine has been designed
accordingly.
Is this solution suitable for the development of individual interfaces, alerts
or access levels?
Yes, one of the significant advantages of the solutions we recommend is
their customizable interface; by customizing this interface we can also
ensure the integration of solutions outside the supported list. When setting the
alerts, we are able to configure the tools rule by rule, so that the competent person
is always alerted about the given incident, and any information unnecessary for the
company can be filtered out. By regulating the access levels, we can ensure the
separation of duties expected in the various audits.
Is this solution suitable for distributed operation and the archiving of the
events?
Yes, so the solution can be deployed even in large IT environments. The
archiving of the events is guaranteed by built-in modules.