Security Information and Event Management (SIEM)
SIEM (Security Information and Event Management), based on IBM QRadar technology, aggregates event data produced by security devices, network infrastructure, systems and applications. Event data is combined with contextual information about users, assets, threats and vulnerabilities, then correlated and analyzed for specific purposes such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time security monitoring, historical analysis and other support for incident investigation and compliance reporting.
SIEM can also correlate known system vulnerabilities with event and network data, helping to prioritize security incidents: the same attack activity ranks higher when it targets a host that the vulnerability scanner has reported as exposed to it than when it targets a patched host.
Use Case Examples
- Detecting threats: Arm yourself with comprehensive security intelligence
- Consolidating data silos: Collect, correlate and report on data in one integrated solution
- Detecting insider fraud: Next-generation SIEM with identity correlation
- Better predicting risks to your business: Full life cycle of compliance and risk management for network and security infrastructures
- Addressing regulation mandates: Automated data collection and configuration audits
- Provides near real-time visibility
  - Helps detect inappropriate use of applications, insider fraud, and advanced low-and-slow threats that would otherwise be lost among millions of events.
  - Collects logs and events from many sources, including security devices, operating systems, applications, databases, and identity and access management products.
  - Collects network flow data from switches and routers, including Layer 7 (application-layer) data. Note that header-only flow records such as sampled NetFlow carry no application payload; Layer 7 visibility requires a flow collector fed from a SPAN port or network tap.
  - Obtains information from identity and access management products and from infrastructure services such as Dynamic Host Configuration Protocol (DHCP), whose lease records tie an IP address to a host at a given time, and receives vulnerability information from network and application vulnerability scanners.
- Reduces and prioritizes alerts
  - Performs immediate event normalization and correlation with other data for threat detection and for compliance reporting and auditing.
  - Reduces billions of events and flows into a handful of actionable offenses (the QRadar term for a correlated incident) and prioritizes them according to their business impact.
  - Performs activity baselining and anomaly detection to identify changes in the behavior of applications, hosts, users and areas of the network.
- Enables more effective threat management
  - Tracks significant incidents and threats, providing links to all supporting data and context for easier investigation.
  - Performs event and flow data searches in near real-time streaming mode or on a historical basis to support investigation.
  - Provides deep insight and visibility into applications (such as enterprise resource management), databases, collaboration products and social media through Layer 7 network flow collection.
  - Helps detect off-hours or unusual use of an application or cloud-based service, or network activity patterns that are inconsistent with historical usage.
  - Performs federated searches across large, geographically distributed environments.
- Delivers security intelligence in cloud environments
  - Can be installed on IBM SoftLayer cloud infrastructure.
  - Collects events and flows from applications running both in the cloud and on premises.
- Produces detailed data access and user activity reports
  - Tracks all access to customer data by username and IP address to support enforcement of data-privacy policies.
  - Includes an intuitive reporting engine that does not require advanced database or report-writing skills.
  - Provides the transparency, accountability and measurability needed to meet regulatory mandates and compliance reporting requirements.
- Offers multi-tenancy and a master console
  - Allows Managed Service Providers to cost-effectively deliver security intelligence from a single console that supports multiple customers.
  - Supports either on-premises or cloud-based deployments.
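To make the chain described above concrete (normalizing events from different sources, correlating many events into one offense, and prioritizing that offense with asset and vulnerability context), here is an added Python example. It is not QRadar code and not part of the original page. Everything in it is assumed for illustration: the two constructed log formats (sshd syslog lines and a firewall key=value format), the hypothetical rule (three failed logins followed by a success from the same source within 60 seconds), the invented asset-criticality and scanner tables, and the magnitude weights.

```python
"""Toy SIEM pipeline: normalize raw logs, correlate them into offenses, then
prioritize each offense with asset and vulnerability context. Added illustration,
not QRadar code; log formats, rule and scoring weights are assumptions."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample input (documentation address ranges, invented hostnames):
# three sshd failures, one sshd success, two firewall records.
RAW_LOGS = [
    "2024-03-01T09:00:01Z db01 sshd[101]: Failed password for admin from 203.0.113.5 port 51000 ssh2",
    "2024-03-01T09:00:04Z db01 sshd[101]: Failed password for admin from 203.0.113.5 port 51001 ssh2",
    "2024-03-01T09:00:07Z db01 sshd[101]: Failed password for admin from 203.0.113.5 port 51002 ssh2",
    "2024-03-01T09:00:09Z db01 sshd[101]: Accepted password for admin from 203.0.113.5 port 51003 ssh2",
    "2024-03-01T09:00:10Z fw01 FW action=allow src=203.0.113.5 dst=10.0.0.20 dport=22",
    "2024-03-01T09:05:00Z fw01 FW action=deny src=198.51.100.9 dst=10.0.0.30 dport=445",
]

# Constructed context tables (assumed): asset criticality 1..10, and the highest
# scanner-reported severity per exposed service on each asset.
ASSETS = {"db01": {"ip": "10.0.0.20", "criticality": 9},
          "web01": {"ip": "10.0.0.30", "criticality": 4}}
VULNS = {"db01": {"ssh": 7.5}}

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+")
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) FW action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
PORT_SERVICE = {"22": "ssh", "445": "smb"}


def asset_name(identifier):
    """Resolve a hostname or IP to the asset-table key (asset context)."""
    for name, a in ASSETS.items():
        if identifier in (name, a["ip"]):
            return name
    return identifier


def normalize(line):
    """Map a raw line from either source onto one common event schema."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "category": "auth_failure" if m["result"] == "Failed" else "auth_success",
                "user": m["user"], "src_ip": m["src"],
                "target": asset_name(m["host"]), "service": "ssh"}
    m = FW_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "category": "net_" + m["action"], "user": None, "src_ip": m["src"],
                "target": asset_name(m["dst"]),
                "service": PORT_SERVICE.get(m["dport"], "tcp/" + m["dport"])}
    return None  # a real SIEM would keep unparsed lines as raw events instead


@dataclass
class Offense:
    src_ip: str
    user: str
    target: str
    service: str
    failures: int
    magnitude: int = 0
    evidence: list = field(default_factory=list)


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Assumed rule: >= threshold failed logins for one user from one source,
    then a success for that user from the same source inside the window,
    collapse into a single offense that keeps every contributing event."""
    events = sorted(events, key=lambda e: e["ts"])
    offenses = []
    for i, ev in enumerate(events):
        if ev["category"] != "auth_success":
            continue
        prior = [p for p in events[:i]
                 if p["category"] == "auth_failure" and p["src_ip"] == ev["src_ip"]
                 and p["user"] == ev["user"] and ev["ts"] - p["ts"] <= window]
        if len(prior) >= threshold:
            offenses.append(Offense(ev["src_ip"], ev["user"], ev["target"],
                                    ev["service"], len(prior), evidence=prior + [ev]))
    return offenses


def prioritize(offense, assets=ASSETS, vulns=VULNS):
    """Magnitude 1..10 with illustrative weights: a base for the rule, plus asset
    criticality, plus a bonus when the scanner reported the attacked service as
    vulnerable on that asset. Same activity, patched low-value host: lower rank."""
    crit = assets.get(offense.target, {}).get("criticality", 5)
    vulnerable = offense.service in vulns.get(offense.target, {})
    return max(1, min(10, round(4 + 0.4 * crit + (2 if vulnerable else 0))))


def run_pipeline(lines):
    events = [e for e in map(normalize, lines) if e]
    offenses = correlate(events)
    for o in offenses:
        o.magnitude = prioritize(o)
    return events, offenses


if __name__ == "__main__":
    evs, offs = run_pipeline(RAW_LOGS)
    print(f"{len(evs)} events -> {len(offs)} offense(s)")
    for o in offs:
        print(f"magnitude {o.magnitude}: {o.user}@{o.target} via {o.service} "
              f"from {o.src_ip}, {o.failures} failures then success")
```

Running it turns the six constructed lines into one offense against db01 with magnitude 10; feeding the same offense against web01 (lower criticality, no scanner finding on ssh) to prioritize() yields 6, which is the point of combining vulnerability and asset context with the raw events.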