en flag +1 214 306 68 37

ScienceSoft's SIEM Solution

ScienceSoft's SIEM Solution

Overview

ScienceSoftSIEM is a SIEM platform enhanced with self-diagnostics and self-optimization features. Based on IBM QRadar® SIEM system, ScienceSoft SIEM is enhanced with an automated monitoring tool that allows security administrators to continuously sustain the SIEM system operability.

Problem

Security information and event management (SIEM) system provides real-time visibility of the entire IT infrastructure. Yet, in the long run, it starts to pose performance challenges:

  • Inefficient EPS license capacity utilization.
  • Low log data quality and performance.
  • Security events omission.
  • Misfiring rules.
  • Heavy rules and reports.

As a result:

Vulnerable perimeter, costly administration and low ROI.

Solution

ScienceSoftSIEM - Healthy Network Protection

Healthy SIEM system is the key to full-scale security protection of the whole network.

Purpose

24/7 Real-time APT, fraud and insider threat detection. 

Key Functions

Risk management

On the basis of collected data from firewalls, routers, switchers IPSs, vulnerability feeds and third-party security sources ScienceSoft SIEM is able to monitor its configurations, prioritize security risks and vulnerabilities in your network.

Event normalization and categorization

ScienceSoft SIEM parses raw input events from disparate sources, stores and presents them in a readable format. Applies identical categories for events with the same meaning: for instance, Windows User Logon and Linux User Logon have the same category.

Compliance and reporting

ScienceSoft SIEM generates a comprehensive report to comply with major security standards, such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) and more. Provides the ability to create a custom reports.

Event & flow analysis and correlation

ScienceSoft SIEM processes numerous events and flows and determines relations between them in real-time mode or analyzes events and flows already stored.

Log data collecting and storing

ScienceSoft SIEM collects and stores large volumes of log data from all network devices, business applications, OS databases.

Network traffic analysis

ScienceSoft SIEM helps to sense, detect and respond to activities throughout your network to identify malicious traffic packets and evaluate network utilization.

Vulnerability management

ScienceSoft SIEM intelligence promptly discovers, analyzes and reports about vulnerabilities in your network helping to prioritize remediation activities.

SIEM health and performance monitoring and analysis

ScienceSoft SIEM provides all-round visibility into statistical, performance and behavioral parameters of the system itself at any given moment.

Data quality analysis and fine-tuning assistance

ScienceSoft SIEM helps to improve log data quality and minimize risks of missing log data despite high loads of the system. In addition, the solution enables quick and well-timed fine-tuning by in-house security specialists.

Unique Features

35+ Performance and Behavioral Metrics, 25+ Health Markers

Over 50 performance and behavioral metrics, 25 health markers

Provide on-the-fly performance assessment and configuration fine-tuning. Get an accurate portrait of the system with insights into such important aspects as:

  • Critical modification to log sources.
  • Presence of uncategorized or unknown events.
  • Excessive time of correlation rule execution.
  • Slow response of correlation rules.
  • Detected auto-update errors.

Detailed report

Detailed report featuring

  • Console summary of the system’s state (for example, the number of active log sources and assets, storage and memory available, top 10 unique offenses).
  • EPS and FPI statistics.
  • Events and flows timelines.
  • Disk, CPU and memory usage on managed hosts.
  • Log sources statistics.
  • Incoming log data quality.
  • Correlation rules, reports performance and more.

Get a quick snapshot of your ScienceSoft SIEM and trace the dynamics of its performance.

Suggestion of further remediation steps

Suggestion of further remediation steps

Restore the solution faultless operability.

Benefits of ScienceSoft SIEM Solution

For security teams

  • Better control of the SIEM system deployment.
  • Prompt diagnostics of security threats.
  • Less manual work.
  • Host overload protection.
  • Increased visibility of log data quality.
  • Improved utilization of EPS license capacity.

For decision makers

  • Improved visibility of security events.
  • Less time, efforts, budget spent on the SIEM solution maintenance and tuning.
  • Improved efficiency of security teams and SOCs.
  • Higher SIEM system ROI.

Licensing

ScienceSoft provides a flexible discount system on the ScienceSoft SIEM solution with an option for special bids.

Selected Projects