Security Information and Event Management Solutions
With the number of worms, viruses, hackers and malicious insiders growing each day, organizations are adopting best-of-breed heterogeneous security infrastructures to protect themselves. But by pouring millions of dollars into a wide array of security solutions such as antivirus gateways, firewalls and intrusion detection systems, organizations have exposed themselves to a new problem: crippling complexity.
Without intelligent centralised management and automated correlation, many companies have found that their security programs have evolved into a complex patchwork of disparate systems that generate an overwhelming flood of data but offer little visibility into true threats and attacks. While this was acceptable in the past, due to increasing regulatory compliance pressures and an ever-evolving threat landscape, companies now are adopting SIEM technology to centrally manage information risk and protect critical IT assets.
Basic components
- High Performance Collection and Processing. The solid foundation of a SIEM system is the collection, normalization, aggregation, and filtering of millions of events from thousands of assets across your network into a manageable stream that is prioritised according to risk, exposed vulnerabilities, and the criticality of the assets involved. The collection layer should be able to handle a huge number of events efficiently without introducing a high load into the network and with the fewest possible changes introduced into the monitored systems (e.g. agentless deployment).
- Low Cost Long-term Archiving. Current regulations and standards often require the archiving of events and incidents for several years. Being able to securely store the events at a low cost while also allowing easy and quick retrieval of data for historical analysis and reporting is more important than ever.
- Real-time Correlation. Many interesting and dangerous activities are often represented by more than one event. Correlation is a process that discovers the relationships between events, infers the significance of those relationships and prioritises them, thus providing a framework for taking action. Such correlation should be done in real time so that incidents can be identified as quickly as possible. Time is of the essence in SIEM.
- Advanced Analytics. When events occur that require investigation, SIEM tools provide an array of investigative tools that enable members of your team to drill down into an event to discover its details and connections.
Advanced analytics options include data mining, pattern discovery and visual analytical tools. These tools can help you to identify previously unknown threats (zero-day identification), inappropriate user patterns and otherwise hard-to-recognise low and slow attacks, etc.
- Visualisation and Reporting. Security staff are often confronted with escalated events that require time-consuming analysis for resolution and remediation. S&T’s SIEM offering provides powerful, interactive security management dashboards which allow immediate verification of valid threats.
Briefing others on the status of your network security is vital to all who have a stake in the health of your network, including IT and security managers, executive managers, and regulatory auditors, so reporting on historical events and trends is also a key element of SIEM.
- Response with Workflow. The workflow framework provides a customisable structure of escalation levels to ensure that events of interest are escalated to the right people in the right timeframe. Automatic responses are also possible, but keep in mind that responses, like attacks, are best made by human beings. SIEM systems help members of your team to undertake immediate investigations, make informed decisions and take appropriate and timely measures to remediate the threats and attacks that have been identified.
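The collection and real-time correlation components described above, as an added example that is not part of S&T's product: log lines in two constructed formats are normalised onto one common schema, and a single correlation rule turns a burst of failed logins followed by a success from the same source into one incident, prioritised by the criticality of the asset involved. The hostnames, addresses, log formats and criticality values are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events from two heterogeneous sources (an sshd syslog
# line and a CSV export from a VPN appliance). Hosts and IPs are made up.
RAW_EVENTS = [
    "2024-03-01T10:00:01 db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51000",
    "2024-03-01T10:00:03 db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51002",
    "2024-03-01T10:00:05 db01 sshd[1201]: Failed password for root from 203.0.113.7 port 51004",
    "2024-03-01T10:00:09 db01 sshd[1201]: Accepted password for root from 203.0.113.7 port 51006",
    "2024-03-01T10:00:20,vpn-gw,alice,198.51.100.4,FAIL",
    "2024-03-01T10:00:21,vpn-gw,alice,198.51.100.4,OK",
]
ASSET_CRITICALITY = {"db01": 10, "vpn-gw": 6}  # assumed scale 1..10; unknown assets get 3

SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(line):
    """Map a raw line from either source onto one common event schema."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, outcome, user, src = m.groups()
        ok = outcome == "Accepted"
    else:  # constructed CSV format: timestamp,host,user,src_ip,result
        ts, host, user, src, result = line.split(",")
        ok = result == "OK"
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user, "src": src, "success": ok}

def correlate(events, min_failures=3, window=timedelta(seconds=60)):
    """Rule: at least min_failures failed logins followed by a success from the
    same source against the same host within `window` -> one prioritised incident."""
    events = sorted(events, key=lambda e: e["ts"])
    incidents = []
    for i, e in enumerate(events):
        if not e["success"]:
            continue
        fails = [f for f in events[:i]
                 if not f["success"] and f["host"] == e["host"] and f["src"] == e["src"]
                 and e["ts"] - f["ts"] <= window]
        if len(fails) >= min_failures:
            crit = ASSET_CRITICALITY.get(e["host"], 3)
            incidents.append({"host": e["host"], "src": e["src"], "user": e["user"],
                              "failures": len(fails), "priority": crit * len(fails)})
    return incidents

def run(raw=RAW_EVENTS):
    """Collect, normalise and correlate the raw stream; returns the incident list."""
    return correlate(normalize(line) for line in raw)
```

Running `run()` on the constructed stream yields one incident for db01 (three failures then a success from 203.0.113.7) while the single VPN failure stays below the threshold and is filtered out.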
Key advantages
- SIEM gives a holistic view of the security status of all relevant IT Services
- SIEM delivers information about the quality of threats, the effects of threats on IT Services and compliance status (internal, external, regulatory)
- SIEM helps you to gain more value from your existing security investment
- SIEM helps you to quickly investigate and determine the root causes of security issues and breaches, giving you a better chance of minimising the costs these events can cause