SearchInform Officially Announces Launch of Proprietary SIEM
22.11.2016
On 22 November 2016, SearchInform announced the launch of SearchInform Event Manager, a completely new system used to detect threats and information security policy violations through the analysis of corporate system events.
The sheer number of data sources makes it almost impossible to manually control all events in a company's IT infrastructure. There is a risk of missing an incident (especially when it occurs after a series of events from different sources), or of failing to detect it or determine its cause. SearchInform Event Manager is aimed at solving these issues.
A SIEM is a system used to collect, monitor, and analyse security events from various corporate systems in real time. The software collects data from various sources, analyses it, then records incidents and notifies the concerned parties about them.
SearchInform Event Manager stores all incidents in its own database, which allows reports to be generated and searches to be run across the entire period of system operation. The combination of SearchInform Event Manager and SearchInform Data Leak Prevention allows you to drill down into violations and analyse incidents in the finest detail.
The system's event sources are Active Directory logs, the Windows Event Log, antiviruses, the Exchange mail server, DBMSs, and file operations on file servers and user computers. The list of sources is to be extended.
The program can deliver its first results immediately after installation, as it is supplied off-the-shelf with a wide range of pre-set rules. If a client wants to create its own rules in the system, SearchInform experts will help to do so.
“We started development of the SIEM upon our clients’ request. By the end of 2016, some major customers plan to stop using similar solutions from foreign developers and switch to locally produced systems. But good offers from Russian developers are lacking in the market,” said Leo Matveev, Chairman of the Board of Directors of SearchInform. “The problem with the majority of such systems is complicated customization and operation. We tried to make our system pre-set to the maximum and easy to understand for information security officers. The software can work almost out of the box, and a reasonable price makes the product affordable even for mid-sized businesses. SearchInform Event Manager is a completely new system, not a copy or analogue of what is already present in the market.”
In the future the company plans to increase the number of sources and pre-set rules for the SIEM. The system will be capable not only of analysing data but also of tracking changes in users’ behavior through correlation analysis. By the end of 2016, support for network equipment traffic, virtualization environments, terminal servers, and workstation control agents will be developed. The number of supported antiviruses will be increased, and NetFlow and Windows connectors will be added.