Out-of-the-box solution

300+ preset policies

Install and launch in 2 hours

SearchInform solution in the cloud

 
 

IT infrastructure of a contemporary company is a complex mechanism that includes а multitude of corporate systems: network monitors, antiviruses, applications, databases, operating systems of servers and PCs, Active Directory, Exchange. Technically, any event in the system gets logged (protocoled). But it is impossible to track, analyze, and react timely to all events without an automated system.

SIEM can gather information almost from every source:

  • Event logs of servers and workstations
    Used to control access, compliance with information security policies
  • Network active equipment
    Used to control access and network traffic, detect attacks, notify about errors and network statuses
  • Access control, authentication
    Information system access rights control
  • Antiviruses
    Information about availability, reliability, and validity of antivirus SW, information about infections, virus epidemics, and malware
  • Virtualization environments
    Virtual machines creation, usage, and deletion control

SearchInform SIEM reveals:

  • Virus epidemics and separate infections
  • Attempts to gain unauthorized access to data
  • Account password guessing
  • Active accounts of dismissed employees that had to be deleted
  • Hardware configuration errors
  • Permissible operating temperature abuse
  • Data removal from critical resources
  • Use of corporate resources during off-duty time
  • Virtual machines and snapshots removal
  • Connecting new equipment to IT infrastructure
  • Group policy changes
  • TeamViewer usage, remote access to corporate resources
  • Critical events in protection systems
  • Errors and failures in information systems

SOFTWARE OBJECTIVES

Collection and processing of events from different sources

The sheer number of event sources nowadays is so high that it’s impossible to manually control all events in the infrastructure. And this might lead to the following risks:

  • Overlooking of a security violation
  • Failure to identify details and determine causes (due to event log clearance, etc.)
  • Lack of instruments for event reconstruction

And SearchInform SIEM, as an aggregator of information from different devices, solves this problem. The system unifies the data and provides a secure storage for the data.

Event statistics dashboard

Incident display screen

Event analysis and incident processing in real-time

SearchInform SIEM does not just correlate events, but also evaluates their significance: the system visualizes the information focusing on important and critical events.

Correlation and processing based on rules

A single event is not always indicative of an incident. For example, a single failed logon might be just accidental, however, three or more attempts probably indicate a password-guessing attack. To identify really critical events, SearchInform SIEM uses rules that contain a whole range of conditions and take into account the most diverse scenarios.

Automated notification and incident management

Automated notifications and incident management enable SearchInform SIEM to fulfill its main purpose: Create conditions for information security officers to rapidly respond to incidents. The solution provides automatic detection of incidents.

Advantages

  • Quick implementation without intensive preliminary configuration, the software can start working on the installation day
  • Easy-to-use system, a specialist without IT skills will cope with the program as it doesn’t require knowledge of programming languages to create correlation rules
  • Integration with SearchInform products increases the level of information security of a company and makes it possible to fully investigate the incident and collect evidence base
  • Low hardware and software requirements and reasonable price even for small-sized business
 

Cases

Unauthorized access to corporate email

Administrator of a mail server can reconfigure the system to get access to email of a top manager or other employee. SIEM will promptly react to the incident and notify information security department.

Adding accounts: deactivation, change of name, and simple password

Employees who do not change passwords for a long time or give it to someone else are also at risk. Besides, an administrator can temporarily rename someone’s account and give network access to intruders. SIEM will inform you if it detects such incidents.

Correlation of unrelated data

There are situations when events, seemingly harmless, together can pose great threat. For example, when someone sends a password to a top manager’s account. This event will not attract attention but, if later this account accesses critical resources, the system will alert to the incident.

Detection of unusual violations

One savvy employee was trying to copy client base in an unusual manner. The employee’s account did not have rights to obtain data from CRM. The employee created a new DBMS account and tried to get information directly from the database. One of the SIEM policies managed the access of new accounts to the database, and the system immediately notified specialists about the violation.

PRESET SECURITY POLICIES

Upon the system installation, the information security staff gain access to 300+ ready-made rules – security policies. Users can edit and customize existing rules and create their own policies. Out-of-the-box security policies scan the following data sources:

  • Operating systems
  • Email servers
  • Domain and workstation controllers
  • Linux servers and workstations
  • Firewalls and integrated network security devices
  • Solutions on the 1C platform
  • Other syslog sources
  • DBMS
  • DLP systems
  • File servers
  • Virtualization
  • Environments
  • Antiviruses

Sophisticated mechanism of SIEM operation boils down to the following algorithm:

  • Collecting events from various sources (network hardware, PC, security systems, OS)
  • Bringing heterogeneous data to a common denominator
  • Analyzing data and detecting threats
  • Pinpointing security breaches and sending alerts in real-time mode

SearchInform SIEM collects information from various sources, analyses it, discovers threats,
and alerts the designated info-security staff.

What business tasks does SIEM solve?

IT infrastructure of a today’s company is a complex mechanism that includes many corporate systems:

Firewall
Antiviruses
Applications
Databases
Virtualization environments
Network hardware and other hardware
Email servers
Active Directory
OS servers and PCs

Every system is a source of personal, financial and corporate data that violators aim to obtain.

The company can be endangered both by actions of system administrators (unauthorized granting of access rights, creation or deletion of accounts, firewall disabling) and by vulnerability of the products through which violators can get access to a company’s data.

 

SIEM accumulates information from different sources, analyzes it, detects incidents, and notifies about them

Operating principle of SearchInform SIEM is its algorithm:

Step 1

Collecting events from different sources:
network hardware, PCs, security systems, OSs

Step 2

Analyzing data and making corellations,
detecting incidents

Step 3

Remembering incidents and notifying in real time

Sign up for a free trial