Central to a SIEM is the collection and analysis of logs from the various sources within a network (e.g. servers, clients, network devices, firewalls, applications) for security-relevant information and events. Common log formats are understood out of the box, and custom logs can always be normalized with additional parsers. Information and events from all these sources are aggregated, and risk is identified by the correlation engine using correlation rules and policies that are continuously updated, enhanced and customized for each client.
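To make the collect, normalize and correlate chain described above concrete, here is an added example that is not code from the original page or from the service it describes. It assumes two constructed log formats (sshd syslog lines and JSON login events from a hypothetical web application), a chain of per-format parsers that map both into one common event schema, and a single correlation rule that fires when several failed logins from one source address are followed by a successful login from that address across any log source; the year used for the syslog timestamps and all sample lines are assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): syslog-style sshd lines and
# JSON lines from a hypothetical web application, plus one line no parser handles.
SAMPLE_LOGS = [
    "Mar 10 12:00:01 srv1 sshd[1234]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
    '{"time": "2024-03-10T12:00:05", "event": "login", "status": "fail", "username": "admin", "client_ip": "203.0.113.7"}',
    "Mar 10 12:00:09 srv1 sshd[1240]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "Mar 10 12:00:11 srv1 sshd[1250]: Failed password for alice from 198.51.100.9 port 40000 ssh2",
    '{"time": "2024-03-10T12:00:20", "event": "login", "status": "ok", "username": "admin", "client_ip": "203.0.113.7"}',
    "Mar 10 12:00:30 srv1 sshd[1260]: Accepted password for alice from 198.51.100.9 port 40001 ssh2",
    "Mar 10 12:00:31 srv1 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",  # unsupported format
]

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumption for the sample

SYSLOG_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port"
)


def parse_syslog_auth(line):
    """Normalize an sshd syslog line into the common event schema, or return None."""
    m = SYSLOG_AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "source": "sshd",
        "user": m["user"],
        "src": m["src"],
        "outcome": "success" if m["result"] == "Accepted" else "failure",
    }


def parse_app_json(line):
    """Normalize a JSON login event from the hypothetical web app, or return None."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if rec.get("event") != "login":
        return None
    return {
        "ts": datetime.fromisoformat(rec["time"]),
        "source": "webapp",
        "user": rec["username"],
        "src": rec["client_ip"],
        "outcome": "success" if rec["status"] == "ok" else "failure",
    }


PARSERS = [parse_syslog_auth, parse_app_json]  # extend with one parser per custom format


def normalize(lines):
    """Run every line through the parser chain; return (events, number of unparsed lines)."""
    events, unparsed = [], 0
    for line in lines:
        for parser in PARSERS:
            event = parser(line)
            if event is not None:
                events.append(event)
                break
        else:
            unparsed += 1  # worth tracking: silent parser gaps mean blind spots
    return events, unparsed


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` login failures from one source IP (from any log
    source) followed by a success from that IP within `window` raises one alert."""
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "failure":
            failures[ev["src"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "ts": ev["ts"],
                "sources": sorted({e["source"] for e in events if e["src"] == ev["src"]}),
            })
            failures[ev["src"]].clear()  # do not re-alert on the same failures
    return alerts


def run_pipeline(lines):
    """Collect -> normalize -> correlate; returns (events, unparsed, alerts)."""
    events, unparsed = normalize(lines)
    return events, unparsed, correlate_bruteforce(events)


if __name__ == "__main__":
    events, unparsed, alerts = run_pipeline(SAMPLE_LOGS)
    print(f"{len(events)} events normalized, {unparsed} line(s) unparsed")
    for alert in alerts:
        print("ALERT", alert)
```

The point of the common schema is visible in the alert: two of the three failures come from sshd and one from the web application, and the rule counts them together because both parsers emit the same `src` and `outcome` fields. The unparsed counter is the check a practitioner wants when onboarding a new log source, since a format that no parser matches produces no events and therefore no alerts.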
This enables effective management of security flaws. Fraudulent use of IT systems and applications, internal fraud and security threats are detected among millions of events. Our Intelligence Team analyses suspicious events and prioritizes them by business criticality and urgency, so that the number of events reported to a client is reduced to a handful of important incidents.
Effective configuration of the system is achieved through predefined filters, templates and plugins, so set-up is neither time-consuming nor resource-intensive.