Security Information and Event Management Solutions

With the number of worms, viruses, hackers and malicious insiders growing each day, organisations are adopting best-of-breed heterogeneous security infrastructures to protect themselves. But by pouring millions of dollars into a wide array of security solutions such as antivirus gateways, firewalls and intrusion detection systems, organisations have exposed themselves to a new problem: crippling complexity. Without intelligent centralised management and automated correlation, many companies have found that their security programs have evolved into a complex patchwork of disparate systems that generate an overwhelming flood of data but offer little visibility into true threats and attacks. While this was tolerable in the past, increasing regulatory compliance pressures and an ever-evolving threat landscape mean that companies are now adopting SIEM technology to centrally manage information risk and protect critical IT assets.

Basic components

High Performance Collection and Processing

The solid foundation of a SIEM system is the collection, normalisation, aggregation, and filtering of millions of events from thousands of assets across your network into a manageable stream that is prioritised according to risk, exposed vulnerabilities, and the criticality of the assets involved. The collection layer should be able to handle a huge number of events efficiently without placing a high load on the network and with the fewest possible changes to the monitored systems (e.g. agentless deployment).

Low Cost Long-term Archiving

Current regulations and standards often require the archiving of events and incidents for several years. Being able to securely store the events at a low cost while also allowing easy and quick retrieval of data for historical analysis and reporting is more important than ever.

Real-time Correlation

Many interesting and dangerous activities are often represented by more than one event. Correlation is a process that discovers the relationships between events, infers the significance of those relationships and prioritises them, thus providing a framework for taking action. Such correlation should be done in real time so that incidents can be identified as quickly as possible. Time is of the essence in SIEM.
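As an added illustration of the normalisation and risk-based prioritisation described under collection and of the multi-event correlation described here (example code written for this page, not part of S&T's offering): a minimal rule that raises an alert when a successful login on an asset is preceded, within a short window, by repeated failures from the same source, and ranks alerts by the asset's criticality. The event schema, the asset criticality table and all event data are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed, already-normalised events (hypothetical schema) of the kind a
# SIEM collection layer emits after parsing raw logs from different sources.
RAW = [  # (time on 2024-01-10, source ip, asset, event type)
    ("08:00:01", "10.0.0.5", "web01", "auth_failure"),
    ("08:00:04", "10.0.0.5", "web01", "auth_failure"),
    ("08:00:09", "10.0.0.5", "web01", "auth_failure"),
    ("08:00:12", "10.0.0.5", "web01", "auth_success"),
    ("08:01:00", "10.0.0.7", "web01", "auth_failure"),
    ("08:01:03", "10.0.0.7", "web01", "auth_success"),  # one typo, not an attack
    ("07:00:00", "10.0.0.9", "db01", "auth_failure"),   # these three fall outside
    ("07:00:05", "10.0.0.9", "db01", "auth_failure"),   # the 5-minute window and
    ("07:00:10", "10.0.0.9", "db01", "auth_failure"),   # must not be counted
    ("08:05:00", "10.0.0.9", "db01", "auth_failure"),
    ("08:05:02", "10.0.0.9", "db01", "auth_failure"),
    ("08:05:04", "10.0.0.9", "db01", "auth_failure"),
    ("08:05:06", "10.0.0.9", "db01", "auth_failure"),
    ("08:05:09", "10.0.0.9", "db01", "auth_success"),
]
EVENTS = [{"ts": f"2024-01-10T{t}", "src": s, "asset": a, "type": k} for t, s, a, k in RAW]

# Hypothetical asset criticality (1 = low, 5 = most critical) used to prioritise alerts.
ASSET_CRITICALITY = {"web01": 2, "db01": 5}

@dataclass
class Alert:
    asset: str
    src: str
    failures: int   # failed attempts that preceded the success
    priority: int   # failures weighted by asset criticality

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on an auth_success preceded by >= threshold failures from the
    same source on the same asset within `window`; highest priority first."""
    failures = defaultdict(list)  # (src, asset) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        key = (ev["src"], ev["asset"])
        # Drop failures older than the window so state stays bounded on a live stream.
        failures[key] = [f for f in failures[key] if t - f <= window]
        if ev["type"] == "auth_failure":
            failures[key].append(t)
        elif ev["type"] == "auth_success":
            if len(failures[key]) >= threshold:
                crit = ASSET_CRITICALITY.get(ev["asset"], 1)
                alerts.append(Alert(ev["asset"], ev["src"], len(failures[key]), len(failures[key]) * crit))
            failures[key].clear()   # the sequence has completed; start over for this pair
    return sorted(alerts, key=lambda a: a.priority, reverse=True)
```

Run `correlate(EVENTS)` to see the database server ranked above the web server even though both saw the same kind of sequence; raising `threshold` or narrowing `window` tunes the rule's sensitivity.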

Advanced Analytics

When events occur that require investigation, SIEM tools provide an array of investigative tools that enable members of your team to drill down into an event to discover its details and connections.
Advanced analytics options include data mining, pattern discovery and visual analytical tools. These tools can help you to identify previously unknown threats (zero-day identification), inappropriate user patterns and otherwise hard-to-recognise low and slow attacks.

Visualisation and Reporting

Security staff are often confronted with escalated events that require time-consuming analysis for resolution and remediation. S&T’s SIEM offering provides powerful, interactive security management dashboards which allow immediate verification of valid threats.
Briefing others on the status of your network security is vital to all who have a stake in the health of your network, including IT and security managers, executive managers, and regulatory auditors, so reporting on historical events and trends is also a key element of SIEM.

Response with Workflow

The workflow framework provides a customisable structure of escalation levels to ensure that events of interest are escalated to the right people in the right timeframe. Automatic responses are also possible but keep in mind that responses, like attacks, are best made by human beings. SIEM systems help members of your team to undertake immediate investigations, make informed decisions and take appropriate and timely measures to remediate the threats and attacks that have been identified.

Key advantages

SIEM gives a holistic view of the security status of all relevant IT Services
  • including control over administrators and other privileged users
  • helps minimise the insider threat

SIEM delivers information about:
  • quality of threats
  • effects of threats on IT Services
  • compliance status (internal, external, regulatory)

SIEM helps you to gain more value from your existing security investment
  • by better utilising events and logs
  • by helping you to plan your new investments better, targeting security to where it is really needed

SIEM helps you to quickly investigate and determine the root causes of security issues and breaches, giving you a better chance of minimising the costs these events can cause

The SIEM solutions offered by S&T provide unequalled insight and control of your existing security deployment. They empower your security and network organisations to identify, manage, and counter security threats. They work with your existing network and security investments to identify, isolate, and recommend precise removal of offending elements. They also help maintain internal policy compliance and can be an integral part of your overall regulatory compliance solution.

Why choose S&T?

S&T has an experienced and skilled team of professionals who have many years of experience building security infrastructures. This team is vendor neutral, with excellent long-term cooperation with the market leaders in the security landscape. S&T is able to maintain the required partnership with otherwise competing vendors to ensure up-to-date and integrated support, which is critical to effectively deploy, manage and gain value from a SIEM system in a heterogeneous environment.

Security Information/Event Management is not simply a technical tool that is deployed in your environment and then left alone. S&T also has the knowledge and experience to help you to implement the necessary policy and process components, and also to train and support your staff to run a really effective SIEM program in your organisation.

Test us!

We are more than happy to start implementing a Proof-of-Concept (PoC) installation on your premises. Within one week we will be able to demonstrate to you the key components and capabilities of our SIEM offering. A PoC installation normally doesn’t affect your current IT systems at all if we can get access to the logs and events generated by them. Previous PoC installations have also proved to be very helpful from the perspective of identifying what value a SIEM system could offer you.

Insider threat analysis process: