SiEM Capabilities/Component Overview

Fastcom FORTRESS IP Transit Scrubbing, SIEM (Security Information Event Management), Threat Correlation Managed Service.

The Fastcom FORTRESS service overcomes the need for enterprise adoption of sophisticated security technology, and the skilled resources needed to configure and manage. By using this managed service, you are receiving superior Cyber-threat analysis and response at an enterprise-grade level, tailored to your organisational needs, at a very affordable rate.

In fact, many organisations find the cost of DIY security exceeds a managed service, as the only viable way to effectively expand the breadth and depth of an organisation’s security coverage to an acceptable level.

Talk to Fastcom if you would like to:

  • Gain a view on what’s happening in your environment.
  • Shift log monitoring and correlation to us, and use tech staff for more important work.
  • Save money on disparate security solutions.
  • Strengthen your business’s security posture.

Overview

Data aggregation: Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

Correlation: looks for common attributes and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution (Based on 100k events Minimum) up to 1M+ logs per day.

Alerting: the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues. Alerting can be to a dashboard, or sent via third-party channels e.g. email.

Dashboards: Tools can take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.

Compliance: Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.

Retention: employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long-term log data retention is critical in forensic investigations as it is unlikely that discovery of a network breach will be at the time of the breach occurring. (Standard Retention is 3 months, longer by request).

Forensic analysis: The ability to search across logs on different nodes and time periods based on specific criteria. This mitigates having to aggregate log information or having to search through thousands and thousands of logs.