V2-SIEM Information Security Concentration Monitoring System
![](https://smartpro.vn/images/news/20220826/images/Capture(3).JPG)
INTRODUCTION
V2-SIEM Information Security Concentration Monitoring System is a solution that helps detect and prevent attacks without affecting system performance. For attack detection, the system passively monitors network connections using either a dedicated traffic-capture device (Network TAP) or a SPAN port on the switch (the latter consumes part of the switch's resources). The system also provides other important functions: behavior-based attack detection; offline storage of system logs, so that logs can be kept for a long period, depending on hardware capacity, and restored when needed; forwarding of system logs to another central monitoring system (SIEM); and a number of other features.
SYSTEM FUNCTION
1. Real-time log collection and management
- The system collects logs from different sources:
  - Network and security devices such as Router, Switch, Firewall/IPS/IDS, Sandbox, WAF, Network APT, ...
  - System servers (both physical and virtual) on different platforms: Windows, Linux, Unix, ...
  - Applications: applications serving system operations (DHCP, DNS, NTP, VPN, Proxy Server, ...); applications providing services (Web, Mail, FTP, TFTP) and database management systems (Oracle, SQL Server, MySQL, ...)
  - Terminal devices: user computers, printers, fax machines, IP Phones, IP Cameras, ...
  - Monitoring points on the line: the edge monitoring point at the connection interface between the edge router and external networks; monitoring points in each network zone of the system.
- Automatic log normalization:
  - Automatically normalizes the log types received from devices and applications.
  - Automatically updates new log formats from the Cloud.
2. Network attack detection
- Web application attack detection based on analysis of Web application access logs.
- Malicious domain query detection based on DNS query log analysis.
- Detect connections to malicious IP addresses based on analysis of connection logs of devices and operating systems.
- Automatic updates from the Cloud for web application attack detection, list of malicious domains and addresses.
3. Processing, correlation analysis - Behavior Detection
- Allows setting up rules that automatically correlate multiple log sources to detect network attacks.
- Detects anomalous behavior, identifying attackers and attack targets accurately by automatically analyzing the alerts generated by the system.
- Allows the administrator to set up rule sets to detect anomalous user behavior and abnormal network connections on the system.
- Ships with ready-made rule sets to detect the following behaviors:
  - Network scanning by an attacker
  - Attack behavior from a single source address that performs different types of network attacks against the protected system
  - Web application attack behavior
  - Malicious code and malware activity
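The detection described in sections 2 and 3 (blacklist matching of DNS and connection logs, plus a correlation rule for scanning from one source) as an added illustration; this is not the product's own code, and the log formats, blacklist values and the scan threshold are constructed assumptions:

```python
import re
from collections import defaultdict

# Constructed Threat Intelligence blacklist; placeholder values, not real indicators.
BLACKLIST_DOMAINS = {"malicious.example"}
BLACKLIST_IPS = {"203.0.113.7"}

# Constructed sample logs from two sources (a DNS resolver and a firewall).
DNS_LOG = [
    "2024-01-01T10:00:01 src=10.0.0.5 qname=www.example type=A",
    "2024-01-01T10:00:02 src=10.0.0.9 qname=malicious.example type=A",
]
FW_LOG = [
    "2024-01-01T10:00:03 action=allow src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2024-01-01T10:00:04 action=deny src=198.51.100.4 dst=10.0.0.5 dport=22",
    "2024-01-01T10:00:04 action=deny src=198.51.100.4 dst=10.0.0.5 dport=23",
    "2024-01-01T10:00:05 action=deny src=198.51.100.4 dst=10.0.0.5 dport=80",
    "2024-01-01T10:00:05 action=deny src=198.51.100.4 dst=10.0.0.5 dport=445",
]

KV = re.compile(r"(\w+)=(\S+)")

def normalize(line, source):
    """Normalize a key=value log line from any source into one common event schema."""
    event = dict(KV.findall(line))
    event["ts"] = line.split(" ", 1)[0]
    event["source"] = source
    return event

def detect_blacklist(events):
    """Section 2: match DNS queries and outbound connections against the TI blacklist."""
    alerts = []
    for e in events:
        if e["source"] == "dns" and e["qname"] in BLACKLIST_DOMAINS:
            alerts.append(("malicious_domain", e["src"], e["qname"]))
        if e["source"] == "fw" and e["dst"] in BLACKLIST_IPS:
            alerts.append(("malicious_ip", e["src"], e["dst"]))
    return alerts

def detect_scan(events, min_ports=4):
    """Section 3 correlation rule: one source touching many distinct ports on one target."""
    ports = defaultdict(set)
    for e in events:
        if e["source"] == "fw":
            ports[(e["src"], e["dst"])].add(e["dport"])
    return [("port_scan", s, d) for (s, d), p in ports.items() if len(p) >= min_ports]

def run():
    """Normalize both log sources, then run both detections over the combined stream."""
    events = [normalize(l, "dns") for l in DNS_LOG] + [normalize(l, "fw") for l in FW_LOG]
    return detect_blacklist(events) + detect_scan(events)
```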
4. Threat Intelligence Integration
- Integrated Threat Intelligence function.
- Update Threat Intelligence data from the Cloud.
- Automatically update BlackList (IP, Domain, Hash) for SIEM from Threat Intelligence data.
- Allows information to be shared with other Threat Intelligence systems.
5. Vulnerability Management Integration
- Integrated information security vulnerability management function.
- Automatically warn when detecting information security weaknesses in the system.
- Allows setting virtual patch policy to protect the system.
- Integrate the function of looking up information about vulnerabilities and weaknesses.
6. Alerting and automatic attack prevention
- Automated attack alerts via SMS, Email...
- The system interoperates with network devices (Cisco and Juniper routers, Cisco PIX/ASA firewalls, Check Point firewalls, Fortinet firewalls, ...), security devices (Firewall, NAC, IDS, IPS) and operating systems (Windows Server 2008 and 2012; Linux CentOS, Fedora, Ubuntu, Debian, Linux transparent firewall, ...) to carry out network attack prevention.
- This capability allows the system to prevent network attacks without affecting the operation and performance of the system and does not require installing Agents on devices or servers.
![](https://smartpro.vn/images/news/20220826/images/1(1).JPG)
7. Incident investigation and analysis
- Allows writing correlation rules.
- Allow detection and investigation of attacks and incidents.
- Enables in-depth Log Analysis for each information field.
- Enables incident analysis and investigation through an intuitive interface.
8. System Administration Function
- The Dashboard function gives administrators an overview of the system, including:
  - System status (CPU, RAM, HDD, NETWORK, ...)
  - Statistics of the number of attacks over time
  - Statistical list of attack source IP addresses
  - Statistical list of attacked destination IP addresses
  - Information about attacks detected on the system
- The Event Map function allows real-time visualization of network attacks.
- The report generation function allows administrators to create customized reports according to specific conditions in different formats.
- System Settings Management:
  - Manage system administrator accounts (User management)
  - Manage system software updates from the Cloud (IPS Update)
  - System status information
  - Manage activity logs on the system (Local logs)
  - System administration through Console and SSH
SERVICE PACKAGES

| FUNCTION | SIEM BASIC | SIEM ADVANCE | SIEM PRO | SIEM PRO+ |
|---|---|---|---|---|
| Real-time log collection and management | X | X | X | Custom |
| Network attack detection | X | X | X | Custom |
| Processing, correlation analysis - Behavior Detection | X | X | X | Custom |
| Automatic alerting and attack prevention | | X | X | Custom |
| Incident investigation and analysis | | X | X | Custom |
| Management and coordination of attack handling through the Ticket system | | X | X | Custom |
| Integrated Threat Intelligence | | | X | Custom |
| Information security vulnerability management | | | X | Custom |
| Log storage per day | 3G | 10G | 30G | Custom |