SIEM Log Management
All of the devices on your network create logs: firewalls, intrusion detection systems, web filters, Active Directory, switches, Exchange servers, and many more. These logs contain valuable information, such as errors in software or hardware, brute-force login attempts, and vulnerabilities being exploited.
How often do you review your device logs? Do you even have access to them all? How can you review the logs from multiple domain controllers simultaneously? When something happens on one device, how do you know whether it impacted another device or service?
A Security Information and Event Management (SIEM) system will assist you in this process. It collects logs from many different systems around your network, aggregating and normalising them into a common format.
Correlation between logs takes place to allow you to see events from a global level, not just restricted to one device or another.
There are many types of SIEM available, depending on your need.
Log collectors gather logs from your systems, allowing you to look back at a particular time or date for audit or compliance purposes.
Event managers add a correlation layer, allowing events to be created based on certain rules or use cases.
Alerting will be configured based on your needs. Higher-priority alerts may cause emails or SMS messages to be sent, while lower-priority events may simply be included in a daily email report.
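To make the collect, normalise, correlate and alert stages above concrete, here is a miniature SIEM pipeline as an added example; it is not NTS code or any product's implementation. It normalises constructed log lines from two domain controllers and a firewall into one schema, runs a cross-host brute-force rule (so failed logons spread across several domain controllers are counted together, the "global level" view mentioned above), and routes each alert to a channel by priority. The hostnames, user names, IP addresses, log formats and the year assumed for syslog timestamps are all placeholders.

```python
"""Miniature SIEM pipeline: collect -> normalise -> correlate -> alert.
Added example, not NTS code. All log lines below are constructed samples;
hostnames, user names and IP addresses are placeholders."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw logs from two sources with different native formats:
# two domain controllers (EventID 4625 = failed logon, 4624 = success)
# and a firewall writing syslog-style lines (no year in the timestamp).
RAW_LOGS = [
    ("dc01", "2024-03-01 08:00:05 EventID=4625 User=jsmith SrcIP=203.0.113.7"),
    ("dc02", "2024-03-01 08:00:09 EventID=4625 User=jsmith SrcIP=203.0.113.7"),
    ("dc01", "2024-03-01 08:00:12 EventID=4625 User=jsmith SrcIP=203.0.113.7"),
    ("dc02", "2024-03-01 08:00:15 EventID=4625 User=jsmith SrcIP=203.0.113.7"),
    ("dc01", "2024-03-01 08:00:20 EventID=4624 User=jsmith SrcIP=203.0.113.7"),
    ("fw01", "Mar  1 07:59:30 fw01 kernel: DROP SRC=203.0.113.7 DST=192.0.2.10 DPT=445"),
    ("fw01", "Mar  1 08:03:00 fw01 kernel: DROP SRC=198.51.100.4 DST=192.0.2.11 DPT=22"),
    ("dc01", "2024-03-01 09:30:00 EventID=4625 User=admin SrcIP=198.51.100.4"),
    ("dc01", "this line is in no known format and is dropped by the normaliser"),
]

AD_RE = re.compile(r"(\S+ \S+) EventID=(\d+) User=(\S+) SrcIP=(\S+)$")
FW_RE = re.compile(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (\w+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def normalise(host, line, year=2024):
    """Map a raw line from either source onto one common schema so later
    stages never need to know which device produced it. Unknown formats
    return None (a real SIEM would count and surface these as parse failures)."""
    m = AD_RE.match(line)
    if m:
        ts, event_id, user, src = m.groups()
        return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "host": host,
                "source": "ad", "user": user, "src_ip": src,
                "action": "logon_failure" if event_id == "4625" else "logon_success"}
    m = FW_RE.match(line)
    if m:
        ts, verdict, src, dst, port = m.groups()
        # Syslog timestamps carry no year; assume the collection year (placeholder).
        return {"ts": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), "host": host,
                "source": "firewall", "user": None, "src_ip": src, "dst_ip": dst,
                "dst_port": int(port), "action": verdict.lower()}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Two rules over the normalised stream.
    brute_force: one source IP fails logons >= threshold times within `window`,
      counted across every domain controller together, so a spray that alternates
      between dc01 and dc02 is still one event. A later success from that IP
      raises the priority to high.
    firewall_drops: per-source drop counts, low priority, for the daily report."""
    by_ip = defaultdict(lambda: {"fail": [], "ok": [], "drop": []})
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["source"] == "ad":
            by_ip[e["src_ip"]]["fail" if e["action"] == "logon_failure" else "ok"].append(e)
        elif e["source"] == "firewall" and e["action"] == "drop":
            by_ip[e["src_ip"]]["drop"].append(e)
    alerts = []
    for ip, acts in by_ip.items():
        fails = acts["fail"]
        for start in fails:
            burst = [f for f in fails if start["ts"] <= f["ts"] <= start["ts"] + window]
            if len(burst) >= threshold:
                later_success = any(s["ts"] >= burst[-1]["ts"] for s in acts["ok"])
                alerts.append({"rule": "brute_force", "src_ip": ip,
                               "hosts": sorted({f["host"] for f in burst}),
                               "users": sorted({f["user"] for f in burst}),
                               "count": len(burst),
                               "also_seen_on_firewall": bool(acts["drop"]),
                               "priority": "high" if later_success else "medium"})
                break  # one alert per source IP, not one per window position
        if acts["drop"]:
            alerts.append({"rule": "firewall_drops", "src_ip": ip,
                           "count": len(acts["drop"]), "priority": "low"})
    return alerts


def route(alert):
    """Priority decides the channel: high pages someone now, medium goes by
    email, low is batched into the daily report."""
    return {"high": "sms+email", "medium": "email", "low": "daily_report"}[alert["priority"]]


def run_pipeline(raw=RAW_LOGS):
    """Collect, normalise, correlate and route; returns (events, routed alerts)."""
    events = [e for host, line in raw if (e := normalise(host, line)) is not None]
    routed = [dict(a, channel=route(a)) for a in correlate(events)]
    return events, routed


if __name__ == "__main__":
    evts, alerts = run_pipeline()
    print(f"{len(evts)} events normalised from {len(RAW_LOGS)} raw lines")
    for a in alerts:
        print(a["priority"].upper(), a["rule"], a["src_ip"], "->", a["channel"])
```

Run as a script it prints one high-priority brute-force alert for the IP that failed across both domain controllers and then succeeded, plus two low-priority firewall summaries destined for the daily report. The point of the normalisation step is visible in the correlation code: it reads only the common fields (`ts`, `source`, `src_ip`, `action`), so adding a third log source means writing one more parser, not changing any rule.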
Some SIEM solutions allow for actions to be taken, such as a PowerShell or Bash script to be run. These scripts could lock out a user’s account, power down a server, or even make a cup of tea!
NTS will help you in choosing the correct SIEM platform for your business. Our experienced sales and technical teams can work with you to understand the business and technical needs, and translate this into a SIEM solution that is right for you.
From design, through implementation and into support or managed service, NTS have the experience and expertise to assist your SIEM implementation.