Reading tracks: The power of log data
Sometimes everything is actually already there - we just have to use it. This is the case with log data, which comprehensively documents what happens in your IT systems. These sources of information can be used to detect critical anomalies in systems and networks in real time and to react in a targeted manner - with Managed SIEM solutions.
Just imagine: the log data shows that your employees log in to their respective systems when they start work. If someone mistypes their password and re-enters it, that is considered normal. The situation is different if many password attempts are made against an account within a very short time. Such a brute force attack would be detected by SIEM (Security Information and Event Management) and an immediate alarm would be triggered.
Managed SIEM: 3 steps for more IT security
- Gather: In SIEM, the log data of all end devices (PCs, laptops and notebooks, servers, routers and switches, virus scanners, firewalls and other network and IT security components) are collected in a central database. You decide how long this data should be archived, depending on the respective security requirements and compliance regulations in your company.
- Evaluate: Which processes are accepted, which patterns are considered conspicuous? The SIEM's artificial intelligence analyses and correlates the data according to the criteria we have defined with you in advance. In this way, special evaluations in connection with compliance requirements (e.g. ISO, BDSG, DSGVO, PCI-DSS etc.) can be configured and created.
- Alert: If the results are critical, you will be informed immediately. All other data is documented in reports that you can use for compliance checks or certification audits.
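The three steps above, together with the brute force scenario from the introduction, as a small worked example. This is added illustration code, not the provider's SIEM or any product's rule engine: the log lines are constructed samples in two hypothetical formats (an sshd-style line and a Windows logon event line), and the rule parameters (5 failures per user and source address within 60 seconds) are assumed values, not a recommendation from the page. It shows why a single mistyped password stays quiet while a burst of failures raises an alert, and why the time window matters.

```python
"""Toy SIEM pipeline: gather -> evaluate -> alert, run over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# --- Constructed sample input (not real system output) ---------------------
# Two hypothetical sources feeding the central store: an sshd log on "srv01"
# and Windows logon events (4624 = success, 4625 = failure) from "ws07".
RAW_LOGS = [
    # alice mistypes once, then logs in: normal behaviour
    "2024-03-01T08:00:01Z srv01 sshd: Failed password for alice from 10.0.0.5",
    "2024-03-01T08:00:07Z srv01 sshd: Accepted password for alice from 10.0.0.5",
    # bob: six failures from one address within 25 seconds: brute force pattern
    "2024-03-01T08:01:10Z ws07 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    "2024-03-01T08:01:14Z ws07 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    "2024-03-01T08:01:19Z ws07 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    "2024-03-01T08:01:23Z ws07 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    "2024-03-01T08:01:30Z ws07 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    "2024-03-01T08:01:35Z ws07 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    # carol: five failures, but spread over ten minutes: outside a 60 s window
    "2024-03-01T08:10:00Z srv01 sshd: Failed password for carol from 10.0.0.7",
    "2024-03-01T08:12:30Z srv01 sshd: Failed password for carol from 10.0.0.7",
    "2024-03-01T08:15:00Z srv01 sshd: Failed password for carol from 10.0.0.7",
    "2024-03-01T08:17:30Z srv01 sshd: Failed password for carol from 10.0.0.7",
    "2024-03-01T08:20:00Z srv01 sshd: Failed password for carol from 10.0.0.7",
]

# Hypothetical line formats for the two sources above.
SSHD_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
WIN_RE = re.compile(r"^(\S+) (\S+) EventID=(4624|4625) TargetUserName=(\S+) IpAddress=(\S+)$")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def gather(lines):
    """Step 1 (Gather): normalise heterogeneous log lines into one event schema."""
    events = []
    for line in lines:
        if m := SSHD_RE.match(line):
            ts, host, result, user, src = m.groups()
            outcome = "failure" if result == "Failed" else "success"
        elif m := WIN_RE.match(line):
            ts, host, event_id, user, src = m.groups()
            outcome = "failure" if event_id == "4625" else "success"
        else:
            continue  # unknown format; a real pipeline would count and queue these
        events.append({"ts": parse_ts(ts), "host": host, "user": user,
                       "src": src, "outcome": outcome})
    return sorted(events, key=lambda e: e["ts"])


def evaluate(events, threshold=5, window=timedelta(seconds=60)):
    """Step 2 (Evaluate): sliding-window rule, >= threshold failures per (user, source) within window.

    Fires once per (user, source) so that a long-running burst does not flood the analyst.
    """
    recent = defaultdict(deque)  # key -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for e in events:
        if e["outcome"] != "failure":
            continue
        key = (e["user"], e["src"])
        q = recent[key]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"rule": "brute_force", "user": e["user"], "source": e["src"],
                           "host": e["host"], "count": len(q), "first": q[0], "last": e["ts"]})
    return alerts


def report(events):
    """Step 3 (Alert, non-critical path): per-user success/failure counts for compliance reports."""
    summary = defaultdict(lambda: {"success": 0, "failure": 0})
    for e in events:
        summary[e["user"]][e["outcome"]] += 1
    return dict(summary)


def run_pipeline(lines=RAW_LOGS):
    events = gather(lines)
    return evaluate(events), report(events)


if __name__ == "__main__":
    alerts, summary = run_pipeline()
    for a in alerts:  # Step 3 (Alert, critical path): the immediate notification
        print(f"ALERT {a['rule']}: {a['count']} failed logins for {a['user']} from {a['source']} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S} (host {a['host']})")
    print("report:", summary)
```

Only bob's burst produces an alert; alice's single mistake and carol's slow failures appear only in the report. Loosening the rule (for example 3 failures within 10 minutes) also catches carol, which is exactly the trade-off that the use cases agreed with the customer in the Evaluate step have to settle: too tight misses slow attempts, too loose alerts on ordinary typos.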
- Smaller attack surface for current cyber risks in combination with common measures such as IDS/IPS, firewall and virus protection
- Rule-based and self-learning system that automatically analyses dangerous trends
- Immediate alert in case of an incident
- Strict compliance guidelines (including DSGVO, BDSG, SOX) are fulfilled
- Different SLA levels possible depending on customer requirements
- Customized use cases and reports
- Reliable operation of the solution in the BSI-certified Security Operations Center (SOC)