SIEM – Security Information and Event Management

The system consolidates events and information from log files generated in the organization’s security systems and network equipment, analyzes them and allows control of processes and events while identifying security breaches and responding to attacks that occur at different times.
The SIEM system has many capabilities such as:
- Data aggregation: Storing data from multiple sources (network traffic, servers, databases, applications, etc.) and retrieving them when necessary in accordance with the rules policy configured in advance by the system administrator.
- Data coordination: Comparing common data and features and identifying scenarios, integrating information from different sources and turning it into useful information.
- Detection and analysis: Analyzes changes in operating systems and databases, monitors and manages user permissions, services and folders and identifies non-standard operational patterns.
- Alert system: Analyzes activity, alerting on and blocking suspicious activity: unauthorized access attempts, attacks on the network or any activity that triggers pre-defined rules. The system sends a report of these actions via e-mail as well as through the notification system of the application itself.
The terminology and capabilities vary slightly between different SIEM products, but the principle is the same for all, and hence, LudanTech provides a consulting service for choosing a suitable system for the customer’s needs and assists in its implementation in the organization, as needed.
Yehadut Canada 3, Or Yehuda, Israel