Castleforce IT Security Team

SIEM Security Information and Event Management

Security information and event management (SIEM) technology provides real-time monitoring and historical reporting of security events from networks, systems and applications.

SIEM deployments are often funded to address regulatory compliance reporting requirements, but organizations should also use SIEM to improve security operations, threat management and incident response capabilities.

Compliance, Log Management, Security and Fraud Detection

Although compliance drives SIEM project funding, most organizations also want to improve external and internal threat-monitoring capabilities. As a consequence, there are requirements for user activity and resource access monitoring for host systems, and real-time event management for network security. Adoption of SIEM technology by a broad set of companies has fostered demand for products that provide predefined compliance reporting and security monitoring functions, and ease of deployment and support. The primary driver of the North American SIEM market continues to be regulatory compliance. More than 80% of SIEM deployment projects are funded to close a compliance gap. European and Asia/Pacific SIEM deployments have been focused primarily on external threat monitoring, but compliance is becoming a strong driver in these regions as well.

Log management functions have become a more important customer requirement because of the following factors:

  • Payment Card Industry Data Security Standards (PCI DSS) requirement for log management
  • The usefulness of detailed and historical log data analysis for breach investigation and general forensics
  • The ability to employ log management in front of a SEM-focused deployment to enable more-selective forwarding of events to correlation engines (thereby reducing the load on the event manager and improving its scalability)

Application layer monitoring for fraud detection or internal threat management continues to evolve as a use case for SIEM technology. SIEM technology is being deployed alongside fraud detection and application monitoring point solutions to broaden their scope. These projects have been undertaken by large companies in industry vertical markets, such as financial services and telecommunications, as an internally justified security measure. A number of SIEM vendors are beginning to position their technologies as "platforms" that can provide security, operations and application analytics.

An optimal SIEM solution will:

  • Support the real-time collection and analysis of log data from host systems, security devices and network devices
  • Support long-term storage and reporting
  • Not require extensive customization
  • Be easy to deploy and maintain

Ease of deployment, ease of support and log management functions are weighted more heavily than advanced event management functions or the ability to heavily customize a SIEM deployment.

Events Per Second (EPS)

Events per second (EPS), as it is commonly referred to in network security, is a measurement used to convey how fast a network's security devices (firewalls, intrusion detection systems (IDS), servers, routers, etc.) generate log data, and/or how fast an SEM product can correlate data from those devices.

Typical upper bounds per device:

  • Firewalls < 500 EPS
  • IDS/IPS < 500 EPS
  • Network Switch < 50 EPS
  • Network Server < 10 EPS
  • Network Router < 1 EPS

Example EPS

If an organisation had two firewalls, two network switches, one router and four servers:

Firewalls 2 x 500 = 1000 EPS, Switches 2 x 50 = 100 EPS, Router 1 x 1 = 1 EPS, Servers 4 x 10 = 40 EPS; Total 1141 EPS

Each vendor measures EPS differently, so it is worth understanding how a vendor defines and measures it before using its figures in these calculations.
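As an added example (not part of the original page), the sizing helper below applies the per-device EPS figures above to a device inventory, reproduces the 1141 EPS total, and extends it to the daily event count and the storage needed for a retention period; the 500-byte average event size and the compression ratio are assumptions, not page figures.

```python
# Added example (not from the page): apply the page's per-device EPS figures
# to a device inventory, then extend the total to a retention storage estimate.
SECONDS_PER_DAY = 86_400

# Rule-of-thumb upper bound per device, in events per second, from the page.
EPS_PER_DEVICE = {"firewall": 500, "ids_ips": 500, "switch": 50, "server": 10, "router": 1}


def eps_by_class(inventory):
    """Map each device class in `inventory` ({class: count}) to its total EPS.
    Fails loudly on an unrated class rather than silently undersizing."""
    unknown = set(inventory) - set(EPS_PER_DEVICE)
    if unknown:
        raise ValueError(f"no EPS rating for device class(es): {sorted(unknown)}")
    return {cls: count * EPS_PER_DEVICE[cls] for cls, count in inventory.items()}


def total_eps(inventory):
    """Aggregate EPS the SIEM collector must sustain for `inventory`."""
    return sum(eps_by_class(inventory).values())


def events_per_day(eps):
    return eps * SECONDS_PER_DAY


def storage_gib(eps, retention_days, avg_event_bytes=500, compression_ratio=1.0):
    """GiB needed to keep `retention_days` of events arriving at a sustained `eps`.
    `avg_event_bytes` (500 B per normalized event) and `compression_ratio` are
    assumptions for illustration, not page figures; measure them on your own logs."""
    raw_bytes = events_per_day(eps) * retention_days * avg_event_bytes
    return raw_bytes / compression_ratio / 2**30


if __name__ == "__main__":
    # The page's worked example: 2 firewalls, 2 switches, 1 router, 4 servers.
    example = {"firewall": 2, "switch": 2, "router": 1, "server": 4}
    eps = total_eps(example)
    print(f"{eps_by_class(example)} -> total {eps} EPS")  # total 1141 EPS
    print(f"{events_per_day(eps):,} events/day")
    print(f"1 year, uncompressed: {storage_gib(eps, 365):,.0f} GiB")
```

The one-year figure is what the page's "long-term storage" requirement turns into for this small inventory; a vendor's own EPS definition and measured event sizes should replace the assumed constants before sizing real hardware.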

Contact Castleforce about SIEM products and services

SIEM Software

Assuria Auditor and Log Manager: Assuria Auditor measures, manages and enforces security policies, and Log Manager is designed to meet the requirements of enterprise-wide management of audit logs generated by systems, devices and applications.

Assuria Auditor measures, manages, and enforces security policies across a wide range of operating systems using a host-to-network view of critical systems and servers. Assuria Auditor's methodology simplifies the creation of system security baselines for users, groups, shares, services, and critical system files, and easily fits in with existing business processes.

For more details on Assuria Auditor

SIEM Appliances

LogRhythm: integrated enterprise-class log management, log analysis and event management solution

LogRhythm is an enterprise-class application that seamlessly combines Log & Event Management, File Integrity Monitoring and Endpoint Monitoring & Control into a single integrated solution. It is highly reliable, cost effective and easily scalable across any size enterprise. With LogRhythm, you can invest in a single solution to address needs and challenges throughout your organization, whether they are related to compliance, security or IT operations.

For more details on LogRhythm Single Integrated Appliances

LogLogic: log management and database activity monitoring

LogLogic Open Log Management collects, normalizes, indexes, stores, and searches log data automatically with easy-to-deploy appliances or hosted solutions. Rapidly drill down into log details and create detailed reports with the built-in templates. All LogLogic appliances run on hardened Linux and are designed to offer full log processing and archiving sized according to their events per second (EPS) design capacity.

For more details on LogLogic Security Event Management