Security Information & Event Management (SIEM)

Summary
Solution

The Security Information & Event Management (SIEM) solution aggregates the security data of an infrastructure: it collects the logs generated by the devices and systems that make up the overall enterprise infrastructure, analyzes their correlation from various perspectives, and detects the symptoms of cyber attacks or threats.

Characteristics

  • Provides an integrated threat handling system through log collection and real-time correlation analysis.
  • Provides a way to build a real-time monitoring infrastructure on a flexible and powerful monitoring system.
  • Minimizes threat response time by offering an automated real-time response method.
  • Provides reliable threat detection through cooperation with other solutions.
  • Provides quick response and security enforcement through cooperation based on workflow management.

Expected Effect
- A company is currently exposed to an internal information access threat by internal or external unauthorized
  • Using ArcSight ESM (or Express), it is possible to monitor the activities of all users of the IT infrastructure.

- There is no security measure against new techniques that attempt to access unauthorized information by bypassing an existing security system.
  • Logs from existing security solutions are merged into ArcSight ESM. Correlation analysis of this log information makes it possible to single out unauthorized persons.

- Integrated log management and correlation analysis carry a high construction cost.
  • ArcSight Express provides licenses suited to various system sizes on a single hardware specification, and enables a client to construct a solution at a lower cost.

- A company wants to construct a system to collect, store, and search a massive amount of logs.
  • The ArcSight Logger software or appliance product allows an operator to collect and store a massive amount of logs, and to search, analyze, and monitor them in real time.

- A company wants to construct a log collection system that can rapidly collect logs from various heterogeneous systems, and standardize the log format.
  • ArcSight Connector standardizes the log format of hundreds of different source log records, and provides a powerful and flexible toolkit that enables users to modify the standardized result to match their own log format.

- A company wants to integrate its real-time monitoring interface with the dashboard of its monitoring center.
  • An appropriate API supplies the data needed for real-time monitoring in a form suited to the interface of the user's environment.

Deployment Method

Reference Sites

Collected logs from security systems distributed in many affiliate companies, analyzed their correlation, and constructed a system to identify and respond to security threats in all group companies.