Effective management of your security events requires a SIEM solution
Security event logs are what let you detect attacks on your network or systems, and what you investigate from afterwards. Each application, system or device generates events and records them in a log file. Several types of events can be logged, including application events, system events and security events.
Once attackers have compromised a system or network, they routinely delete or alter the evidence (log files, dropped executables, etc.) to make the investigation difficult. CAPTOSEC helps you protect these files by implementing mechanisms that authenticate the source of security event logs, encrypt them, and back them up to a remote server that the compromised host cannot modify.
Our experts and specialists can help you with:
- Collecting security events from different sources (applications, systems and peripherals)
- Centralising and correlating security events
- Alerting administrators or the security manager according to event severity
- Providing a graphical web interface for monitoring security events
- Securely backing up security log files to remote servers
- Showing how to mitigate the security risks that are identified
We use tools, technologies and software such as syslog, syslog-ng, OSSEC, SNMPv3, Elasticsearch, Kibana, Logstash, Logcheck and others. We can also deploy solutions such as AT&T Cybersecurity USM, Splunk and LogRhythm in collaboration with strategic partners.
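As an added illustration of the log protection described above (authenticating the source, encrypting, and keeping a copy out of the attacker's reach), here is a syslog-ng configuration pair: a monitored host that forwards its events over mutually authenticated TLS, and a remote collector that only accepts senders presenting a certificate from the SIEM CA. This is example configuration written for this page, not CAPTOSEC's own deployment; the hostname collector.example.internal, the certificate and key paths, and the buffer size are assumptions.

```conf
# Added example (not from the original page): syslog-ng forwarding of security
# events over mutually authenticated TLS. Hostnames, ports and certificate
# paths are assumptions; adjust them to your PKI.

# ---- 1. /etc/syslog-ng/syslog-ng.conf on the monitored host (client) ----
@version: 4.2
@include "scl.conf"

# Local event sources: the platform's system log plus syslog-ng's own messages.
source s_local {
    system();
    internal();
};

# Forward to the collector with the syslog() driver over TLS (RFC 5425, port 6514).
destination d_collector {
    syslog("collector.example.internal"
        port(6514) transport("tls")
        tls(
            # CA that issued the collector's certificate. required-trusted means
            # the client refuses to send unless the server's certificate chains
            # to this CA, so a compromised host cannot be quietly redirected to a
            # rogue collector that swallows the evidence.
            ca-file("/etc/syslog-ng/ca.d/siem-ca.crt")
            peer-verify(required-trusted)
            # Client certificate and key: this is what authenticates the source.
            cert-file("/etc/syslog-ng/cert.d/host01.crt")
            key-file("/etc/syslog-ng/key.d/host01.key")
        )
        # Reliable disk buffer (1 GiB) so events queued during a network outage
        # survive a reboot instead of being lost from memory.
        disk-buffer(
            dir("/var/lib/syslog-ng")
            disk-buf-size(1073741824)
            reliable(yes)
        )
    );
};

log { source(s_local); destination(d_collector); };

# ---- 2. /etc/syslog-ng/syslog-ng.conf on the remote collector (server) ----
@version: 4.2
@include "scl.conf"

source s_tls_clients {
    syslog(ip("0.0.0.0") port(6514) transport("tls")
        tls(
            ca-file("/etc/syslog-ng/ca.d/siem-ca.crt")
            cert-file("/etc/syslog-ng/cert.d/collector.crt")
            key-file("/etc/syslog-ng/key.d/collector.key")
            # Every client must present a certificate signed by siem-ca.crt;
            # unauthenticated senders are rejected at the TLS handshake.
            peer-verify(required-trusted)
        )
    );
};

# One file per sending host and day, readable only by the log group. The
# copy that lives here is the one you investigate from; the sending host
# never gets write access to it.
destination d_archive {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
        create-dirs(yes) dir-perm(0750) perm(0640)
    );
};

log { source(s_tls_clients); destination(d_archive); };
```

Check the configuration with `syslog-ng --syntax-only` on both hosts, then run `logger -p auth.notice "tls forwarding check"` on the client and confirm the line appears under /var/log/remote/ on the collector. With syslog-ng's default keep-hostname(no), ${HOST} is taken from the connection's source address rather than from the message text, so one sender cannot write into another host's directory. Two caveats a practitioner should keep in mind: an attacker with root on the client still holds that host's client key and can stop or feed syslog-ng from that moment on, so treat the certificate as compromised and reissue it during incident response; and nothing here protects what remains on the compromised host itself, which is precisely why the collector's copy, not the local file, is the record of evidence.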
- Log retention policy in compliance with regulatory requirements
- SIEM solution requirements
- List of event sources and security logs
- Implementation of SIEM solutions (OpenEYES, others)
- Process for logging and securing security logs
- Updating licences, signatures and security rules
- SIEM supplier selection criteria
- SIEM tuning
- Reporting attacks and incidents
- Proactive detection of sophisticated threats and attacks
- Compliance (e.g. PCI-DSS)
- Improved network and system security visibility
- Collection of IOCs and evidence for investigative purposes
- Improved incident response process