APKSIEM

Security Information and Event Management System (APK SIEM)

In security operations center (SOC), advanced and up to date software called security information and event management system (SIEM) is used in order to utilize an intelligent and process-oriented mechanism for security event monitoring, and corrective and preventive action application against probable security attacks. In other words, SIEM is the brain of SOC. Therefore, selecting a product appropriate to the client requirements is very important for SOC success and effectiveness.

Considering the key position of IRI in the region and the world, and the necessity of cyberspace security, especially in vital and strategic areas, APK experts in line with the strategy of supporting domestic production and localizing the security products of IT field, have provided a localized security information and event management system, using their experience in major security projects of the country, in the form of following four modules:

SA (Smart Agent)

NBA (Network Behavior Analysis)

LCE (Log Correlation Engine)

LM (Log Manager)

This product has surpassed the security standards and evaluations of the competent authorities so that it was elected as the remarkable achievement in the third IT managers national conference.

What is SIEM?
Security Information and Event Management
SIEM is a software product and service which is used in SOC in order to provide an overview of the information security condition of an organization.
SIEM is based on collecting data and reports of security events, produced by the equipment, and focusing them on a point in order to provide an overview of the information and network security condition of an organization. Focusing the information will make the analysis and decision making faster and easier for the users and the leaders.
SIEM provides a combination of two services of security information management (SIM) and security event management (SEM) for the users, and it is considered as the brain of SOC. SIEM technology provides the real-time analysis of the security event reports recorded on hardware equipment and application programs.
SEM section is a center for saving and interpreting the events and real-time analysis. Based on which, network and information security experts can react fast and properly. In other words, real-time security event and threat management, is done in this section. While, SIM section collects the data and focuses it on a location for the policy analysis and conformity of the report findings and event data analysis, to the security policies and standards.
Being combined of these two sections, SIEM system makes possible fast security event recognition, analysis, treatment and conformity to the security regulations of the organization. SIEM collects its needed data from the users, hardware equipment and application programs such as servers, switches, routers, IDS, UTM, and antiviruses, etc.

مزایا

Advantages of Using SIEM
Providing an overview of the information and network security condition of the organization
Collecting events from the users and different equipment of network and network security
Saving all the events
Recognizing and prioritizing the events and incidents among cyberattacks and network events
Network behavior analysis and fast event recognition
Applying the organizational policies to the implemented structure
Event conformity to the organizational policies
Momentary 7×24×365 monitoring of all the events
Presenting graphical and statistical reports

خدمات

Modules
SA (Smart Agent)
This tool is installed on the servers and users’ systems. SA is responsible for sending systemic events to NBA, sending reports of the condition of system resources, periodic checks of vital and special files and windows registry files, matching the system input traffic with the attack patterns, checking and reacting to the attacks, and recognizing special processes such as illegal USB connections.

NBA (Network Behavior Analysis)
This tool is responsible for collecting, compressing, normalizing, classifying, coding, and sending the events produced on the network by the users, servers, network equipment, and security sensors to the event management system and also providing the possibility of filtering and searching through the produced events.

LCE (Log Correlation Engine)
This part as the brain of APK SIEM, checks the event relationships and uses the information such as vulnerability or non-vulnerability of a system to a threat, identified multi stage attacks, organizational correlation rules, and various attack scenarios in order to recognize, rate and rank the security events on the network and prepare the reports and determine the security strategies in the organization.

LM (Log Manager)
This tool is responsible for saving, compressing, advanced searching, and coding the collected events in order to analyze or prepare the reports in different periods of time according to the security policies of the organization.

محصولات

Service Packages
- Present situation recognition (design, procedure and organizational events)
- Proposing a plan and LOM (training, procedure and equipment)
- Execution and implementation
- Implementation documents
- Training and delivery
Analysis and Backup
- Checking and analysis of implemented SIEM condition
- Analyzing the logs and system output
- Presenting periodic reports