From now on, the SSH Protocol is Supported by the SearchInform SIEM

The new connector enables to connect hundreds of Linux and Windows sources.

The connector, which enables to gather data via SSH (Secure Shell) protocol was added to the SearchInform SIEM system in the latest update of the solution. Thanks to this update the SIEM system’s capabilities of customers’ IT infrastructure control were enhanced: any software and equipment with Unix shell, as well as Windows devices and processes can be connected to the SIEM system. The new connector’s coverage of sources can be compared with that of connector for syslog – the most universal data exchange format.

Apart from standard connectors, which gather security events from sources, SSH-connector gets data from devices and software about their current status. Thus, the SSH protocol helps to get data on the state of IT-infrastructure: for example, get details on the CPU or RAM usage etc. This is useful for tracing anomalies in the work processes of devices and programs, which may be the SSH Servers and Clients. Anomalies, in turn, may indicate attacks – the SSH protocol, regarding it’s wide range of capabilities is often exploited by hackers.

The SearchInform’s out-of-the-box solution offers instantly available cross-correlation rules, which are capable of detection of potential problems basing on the data, gathered by SSH connector. The events from SSH connector can be combined with events from other sources with the help of cross-correlation service. Finally, SearchInform SIEM enables to activate automatic response to the detected incidents, including those, which were revealed by the SSH connector. The response is configured by the user beforehand.

“Our SIEM system is practically oriented, it was conceived, among others, as a tool for countering threats. Firstly we implemented the proactive functionality, now we’ve supported the SSH protocol. This is beyond the typical SIEM system functionality and enables customers to get the required tools with no need to purchase additional software.” - told Ricardo Martinez, Regional Business Director and Head of the representation of Latin America at SearchInform.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.