A security information and event management (SIEM) solution is unique in centrally storing security events from diverse systems and performing event correlation, in which several security events that appear unrelated at first glance are linked together to reveal a security breach. Centralised accumulation of information makes it possible to monitor the entire infrastructure and react to specific events (such as connections to systems without the required rights, attacks, infections, access to critical systems, and so on), while correlation significantly reduces the number of events that require attention. Moreover, correlated events better reflect the true intent and consequences of an attack.
Before deploying the solution, we’ll identify your organisation’s sensitive systems and design a scheme indicating the devices from which it’s important to gather information for security purposes.
After deployment, event logs from systems, operating systems, databases and applications will be centrally collected and stored for a specified length of time (usually up to several years, depending on your needs and capabilities).
We use McAfee products to implement this solution.