How does SearchInform SIEM work? - SearchInform

SearchInform security information and event management:

Real-time threat detection

HOW DOES SEARCHINFORM SIEM WORK?

Sophisticated mechanism of SIEM operation boils down to the following algorithm:

WHAT SIEM CONTROLS

SearchInform SIEM supports the following sources of data:

  • Active Directory domain controllers (domain controllers based on Windows Server 2008 R2 or higher are supported).
  • Access to file resources.
  • User activity.
  • Exchange mail servers.
  • Kaspersky antivirus.
  • DBMS (MS SQL).
  • Syslog of hardware and applications.
  • SearchInform DLP.

Currently under development and testing:

  • Network equipment and proxy-server traffic.
  • Virtualization environments and terminal servers.
  • Email captured via mail server integration.
  • Netflow (detecting suspicious network activity, DDoS attacks, etc.)
  • Dynamical dashboards.
  • More antiviruses, DBMS, and mail servers.

PRINCIPLE OF OPERATION: INCIDENTS

The SIEM operation implies processing huge amounts of events and automatic combining of incidents in chains, which allows detecting threats using integrated analysis of all data.

At the input the product receives a list of the most diversified events, and at the output, it returns aggregated and grounded information: statistics, notifications on anomalies, failures, attempts of unauthorized access, disablement of security tools, viruses, suspicious transactions, data leaks, etc. The objective of the software is to reduce the time of incident response.

Incident search algorithms use different methods – from verification of compliance with current information security standards to an intelligent algorithm of anomaly detection. SIEM provides a stable and non-stop control of corporate infrastructure.

TRY FOR FREE
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.