Security Information and Event Management (SIEM)
Network Professional Services supply and recommend a range of SIEM tools, from solutions suited to small and medium enterprises to corporate-scale deployments.
SIEM is a term for software products and services that combine security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and it is also used to log security data and generate reports for compliance purposes.
SIEM tools are capable of gathering, analysing and presenting information from:
- network and security devices
- identity and access management applications
- vulnerability management and policy compliance tools
- operating systems
- database and application logs
- external threat data
A key focus is monitoring and helping to manage user and service privileges, directory services and other system configuration changes, as well as providing log auditing, log review and incident response.
Our solutions collect, parse, index and store log data from any device, operating systems or applications.
Data is collected from event logs on distributed Windows hosts, from syslog on distributed Linux / Unix / Solaris / AIX hosts, from active network elements (switches, routers, UTMs), from files generated by any system or application, and from SNMP traps.
The collected logs are classified by source host, severity and type, split into fields and stored for efficient analysis.
Our analysis engines offer multi-dimensional statistics and correlated event detection in real time. Unique integration with ticketing systems provides straightforward incident management and review capabilities.
Pre-defined compliance reports and the ability to define custom reports based on parsed data are available. Plug-in alert modules can post directly to a dashboard and/or notify users or other systems when an event matching one or more criteria is generated.
We provide the ability to search across logs on different nodes and time periods based on specific criteria. This removes the need to aggregate log information yourself and to search through thousands of log entries manually.
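The pipeline described above, from raw syslog to classified, field-split events, through a real-time correlation rule that fires an alert when a criterion is met, to a cross-host search by field and time range, is easy to misjudge in the abstract. The following is an added example written for this page; it is not code from Network Professional Services or from any SIEM product. It parses BSD-style (RFC 3164) syslog lines, decodes the PRI value into facility and severity, classifies each event by type, extracts key=value and SSH fields, runs a sliding-window correlation rule for repeated authentication failures from one source address, and provides a criteria-based search. The sample log lines, the event type names, the rule name `ssh_bruteforce`, the threshold of five failures in 60 seconds and the log year are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (documentation address ranges); not real data.
SAMPLE_LOGS = [
    "<38>Mar 10 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "<38>Mar 10 10:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "<38>Mar 10 10:00:05 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2",
    "<38>Mar 10 10:00:09 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51237 ssh2",
    "<38>Mar 10 10:00:11 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2",
    "<30>Mar 10 10:00:12 web01 sshd[1206]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
    '<27>Mar 10 10:01:00 db01 postgres[2200]: FATAL: password authentication failed for user "app"',
    "<134>Mar 10 10:01:30 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
]

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                            # PRI = facility * 8 + severity
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # BSD timestamp (no year)
    r"(?P<host>\S+) "                                 # source host
    r"(?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "      # app name, optional pid
    r"(?P<msg>.*)$"
)
KV_RE = re.compile(r"\b([A-Z][A-Z0-9]*)=(\S+)")  # KEY=value pairs, e.g. SRC=... DPT=...
SSH_RE = re.compile(r"for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)")


def classify(msg):
    """Assign a coarse event type from the message text (constructed rule set)."""
    m = msg.lower()
    if "failed password" in m or "authentication failed" in m:
        return "auth_failure"
    if m.startswith("accepted "):
        return "auth_success"
    if m.startswith("drop "):
        return "firewall_drop"
    return "other"


def parse_syslog(line, year=2024):
    """Parse one RFC 3164 line into a flat event dict; None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri, msg = int(m.group("pri")), m.group("msg")
    fields = {k.lower(): v for k, v in KV_RE.findall(msg)}
    ssh = SSH_RE.search(msg)
    if ssh:
        fields.update(ssh.groupdict())
    return {
        "timestamp": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "host": m.group("host"), "facility": pri // 8,
        "severity": pri % 8, "severity_name": SEVERITY_NAMES[pri % 8],
        "app": m.group("app"), "pid": int(m.group("pid")) if m.group("pid") else None,
        "type": classify(msg), "fields": fields, "msg": msg,
    }


def correlate_failures(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window rule: alert once per burst when one source IP produces
    `threshold` or more auth_failure events within `window`, across any hosts."""
    alerts, by_src = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        src = ev["fields"].get("src_ip")
        if ev["type"] != "auth_failure" or not src:
            continue
        bucket = by_src[src]
        bucket.append(ev)
        while bucket and ev["timestamp"] - bucket[0]["timestamp"] > window:
            bucket.pop(0)  # expire events outside the window
        if len(bucket) >= threshold:
            alerts.append({"rule": "ssh_bruteforce", "src_ip": src, "count": len(bucket),
                           "hosts": sorted({e["host"] for e in bucket}),
                           "first": bucket[0]["timestamp"], "last": ev["timestamp"]})
            bucket.clear()
    return alerts


def search(events, start=None, end=None, **criteria):
    """Criteria search across hosts and time, e.g. search(events, host="web01",
    type="auth_failure"); criteria match top-level keys or extracted fields."""
    hits = []
    for ev in events:
        if (start and ev["timestamp"] < start) or (end and ev["timestamp"] > end):
            continue
        if all(ev.get(k, ev["fields"].get(k)) == v for k, v in criteria.items()):
            hits.append(ev)
    return hits


def run(lines=SAMPLE_LOGS):
    """Parse all lines, then apply the correlation rule; returns (events, alerts)."""
    events = [e for e in (parse_syslog(l) for l in lines) if e]
    return events, correlate_failures(events)


if __name__ == "__main__":
    events, alerts = run()
    for ev in events:
        print(ev["timestamp"], ev["host"], ev["severity_name"], ev["type"], ev["fields"])
    for a in alerts:
        print("ALERT", a)
```

The correlation rule keeps one bucket per source address and fires once per burst, which is what prevents a single brute-force run from raising one ticket per failed login; a production rule set would also key on destination host and user, and would carry a second rule for the firewall `DROP` events, which this example only parses.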