Information Security Monitoring

Security Monitoring

Only a few tools today monitor the full range of information security events. Those events come not only from screening firewalls and intrusion detection systems (network-based and host-based), but also from the logs and alerts / error messages of routers, switches, anti-virus and content-scanning applications, backup applications, PBXs, critical *nix servers and other servers.

In some cases, security management teams must also handle events from physical security devices: card readers, motion detectors and cameras, the alarms on secure doors and gates, fire alarms and climate-control sensors.

Most large vendors of security equipment have their own event monitoring system. Vendor A's tool can only consolidate the logs or events of vendor A's products, and vendor B's tool only those of vendor B's products. Even with these tools, an administrator usually has little time to monitor security across the entire company.

Besides the lack of time and, in many cases, the lack of vendor-independent tools, a further reason why enterprise security monitoring is hard is false positives. A false positive is an event that triggers a security alert although the event is not actually security-related or relevant. Without good visibility into a host or network, a loosely configured host-based or network-based intrusion detection system generates a high number of false positives, and many administrators have neither the time nor the monitoring expertise to investigate the large number of events such a system produces. Intrusion detection systems are only two of the system types that generate false positives; many other systems generate them as well.

Monitoring the security of a business begins with a complete and correctly integrated implementation of the monitoring system.

Event Correlation

The next step in information security monitoring is to capture the knowledge and analytical skills of security experts and apply them in an integrated security-monitoring platform. Super-Visions offers such a platform: it correlates the events from the logs and alerts / error messages of the various security technologies, through to information access logging, and presents them in one place.

A major problem for intelligent event correlation across the information security industry is that there is no standard for logging security-related information or alerts / failure notifications. Each vendor uses its own logging and alerting methodology for security-related events.
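As an added illustration of the two points above (vendor-specific log formats, and false positives from a lone, loosely tuned intrusion detection system), the following Python is example code written for this page, not Super-Visions' platform. It normalizes constructed log lines in three different vendor-style formats into one schema, then rates each intrusion detection alert by how many other source types corroborate it for the same source address within a time window. The sample lines, the year 2024, the five-minute window and the low/medium/high rule are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

YEAR = 2024  # assumption: syslog-style lines carry no year, so one is supplied

# Constructed sample log lines (not real captures). They stand in for the
# vendor-specific formats the text describes and are loosely modelled on
# iptables kernel logging, a Snort-style "fast" alert and OpenSSH syslog output.
RAW_EVENTS = [
    "Mar 10 09:00:01 fw1 kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "Mar 10 09:00:02 fw1 kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23",
    "Mar 10 09:00:03 fw1 kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445",
    "03/10-09:00:05.123456 [**] [1:100:1] LOCAL Possible port scan [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22",
    "Mar 10 09:00:06 host10 sshd[1234]: Failed password for root from 203.0.113.7 port 51300 ssh2",
    "03/10-09:03:00.000001 [**] [1:100:1] LOCAL Possible port scan [**] [Priority: 2] {TCP} 198.51.100.5:40000 -> 192.0.2.20:80",
]

SYSLOG_TS = r"(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d)"

# One regex per source format; each maps its own field names onto the same schema.
PARSERS = [
    ("firewall", "deny", re.compile(
        SYSLOG_TS + r" (?P<host>\S+) kernel: IPT-DROP .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?DPT=(?P<dpt>\d+)")),
    ("nids", "alert", re.compile(
        r"(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] (?P<msg>.*?) \[\*\*\] "
        r".*?\{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dpt>\d+)")),
    ("hids", "auth_failure", re.compile(
        SYSLOG_TS + r" (?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+")),
]


def _timestamp(g):
    """Build a datetime from either the syslog ('Mar 10') or the 'MM/DD' date style."""
    fmt = "%Y %b %d %H:%M:%S" if g["mon"].isalpha() else "%Y %m %d %H:%M:%S"
    return datetime.strptime(f"{YEAR} {g['mon']} {g['day']} {g['time']}", fmt)


def parse_event(line):
    """Normalize one raw line into the common schema, or return None if no parser matches."""
    for source, category, rx in PARSERS:
        m = rx.match(line)
        if m:
            g = m.groupdict()
            return {
                "ts": _timestamp(g),
                "source": source,
                "category": category,
                "src": g["src"],
                # target: the reported destination IP if the format has one, else the logging host
                "dst": g.get("dst") or g.get("host"),
                # free-text detail: signature message, destination port or user name
                "detail": g.get("msg") or g.get("dpt") or g.get("user") or "",
            }
    return None


def normalize(lines):
    """Parse all lines; unknown formats are returned separately, never silently dropped."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_event(line)
        (events if ev else unparsed).append(ev or line)
    events.sort(key=lambda e: e["ts"])
    return events, unparsed


def correlate(events, window=timedelta(minutes=5)):
    """Rate each IDS alert by how many *other* source types report the same
    source IP within +/- window. A lone alert is rated low: it stays visible as
    a tuning candidate instead of being discarded, but does not page anyone."""
    incidents = []
    for alert in events:
        if alert["category"] != "alert":
            continue
        corroborating = {
            e["category"] for e in events
            if e is not alert and e["src"] == alert["src"]
            and abs(e["ts"] - alert["ts"]) <= window
        }
        severity = {0: "low", 1: "medium"}.get(len(corroborating), "high")
        incidents.append({
            "ts": alert["ts"], "src": alert["src"], "dst": alert["dst"],
            "message": alert["detail"], "severity": severity,
            "corroboration": sorted(corroborating),
        })
    return incidents


if __name__ == "__main__":
    evs, unparsed = normalize(RAW_EVENTS)
    for inc in correlate(evs):
        print(inc["ts"], inc["severity"].upper(), inc["src"], "->", inc["dst"],
              inc["message"], inc["corroboration"])
    if unparsed:
        print("unparsed lines (add a parser):", len(unparsed))
```

Run as a script, the scan from 203.0.113.7 is rated high because the firewall denies and the failed SSH login corroborate it, while the identical signature firing alone for 198.51.100.5 is rated low. The point a practitioner should take from this is that the normalization step, one parser per vendor format into one schema, is what makes the correlation rule writable at all; the rule itself is a few lines. Lines no parser recognises are returned rather than dropped, because a format the platform does not yet understand is exactly the gap an attacker benefits from.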

Super-Visions can help your organization capture data from such heterogeneous systems and, with expert advice and a tailored service, bring the alarms together in an integrated visualization and alerting platform.