Log Management & SIEM at Insta
Insta – Your trusted partner for Log Management & SIEM
Insta’s experience and commitment to building industry-leading expertise in Log Management & SIEM ensure successful deployments. As a product-independent solution provider, we help you find the solution that best matches your organisation’s requirements.
Our broad offering includes:
- Technical requirements assessment and compliance planning
- Log policy planning
- Technology evaluations, product comparisons and analysis
- Log Management & SIEM deployment projects
- Log Management & SIEM system delivery projects from planning to maintenance
- Log Management & SIEM as a service
We have experience with, for example, the following Log Management & SIEM products:
- NetIQ Sentinel
- IBM QRadar
- HP ArcSight
Contact us to find out more about our expertise and our solutions for Log Management & SIEM.
It all starts from log collection
Log Management and SIEM share the same data collection components; the difference is in the engine that processes the collected data. The principles of data collection and processing are illustrated below.
The Log Management solution can be set up to collect log data from multiple Event Sources over many different protocols. Most standard logging systems are supported directly, and log collection can be customised to support practically any system using Event Source Servers and Connectors.
The log data from different systems is normalised by Collectors into a standard format with common fields (such as timestamp, host, source address and user), which is what makes correlation and reporting across systems practical.
The collected and normalised data is stored in online or archive event stores. Storage is controlled by rules in Collector Managers, e.g. to discard data whose retention period has expired. The integrity of stored log data is protected with electronic signatures, so that later modification or deletion of records can be detected.
Search and reporting components in the Log Management Engine use the stored data as their source for search results and reports. Reports can be generated in various standard and customised formats, e.g. for audit purposes.
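The pipeline described above (collect from several Event Sources, normalise into common fields, apply a retention rule, protect stored records against tampering), as an added example written for this page and not code from Insta or from any of the products named here. The log lines are constructed, the common field set is an assumed schema rather than any product's, and an HMAC over the canonical record stands in for the electronic signature the store would apply; the point it shows is that a record whose outcome has been rewritten no longer verifies.

```python
import hashlib
import hmac
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample events from three Event Sources (not real log data).
RAW_SYSLOG = ("Mar  3 10:15:01 web01 sshd[2211]: Failed password for root "
              "from 203.0.113.7 port 51422 ssh2")
RAW_OLD_SYSLOG = ("Dec  1 08:00:00 web01 sshd[1000]: Accepted password for alice "
                  "from 198.51.100.4 port 40000 ssh2")
RAW_FIREWALL_JSON = ('{"ts":"2024-03-03T10:15:03Z","dev":"fw01",'
                     '"src":"203.0.113.7","dst":"10.0.0.5","action":"deny"}')

# Common field set every Collector maps into (assumed schema, not a product's).
COMMON_FIELDS = ("ts", "host", "source", "src_ip", "user", "outcome", "raw")

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
SSH_FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")


def normalise_syslog(line, year=2024):
    """Collector for BSD-syslog lines (no year in the timestamp, so it is supplied)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None                      # unparseable line: keep out of the normalised store
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    event = {"ts": ts.isoformat(), "host": m["host"], "source": m["app"],
             "src_ip": None, "user": None, "outcome": None, "raw": line}
    fail = SSH_FAIL_RE.search(m["msg"])
    if fail:
        event.update(src_ip=fail["ip"], user=fail["user"], outcome="failure")
    return event


def normalise_firewall(line):
    """Collector for a JSON firewall feed: different field names, same common schema."""
    rec = json.loads(line)
    return {"ts": rec["ts"].replace("Z", "+00:00"), "host": rec["dev"], "source": "firewall",
            "src_ip": rec["src"], "user": None,
            "outcome": "failure" if rec["action"] == "deny" else "success", "raw": line}


def apply_retention(events, now, retention_days):
    """Collector Manager rule: drop events whose retention period has expired."""
    cutoff = now - timedelta(days=retention_days)
    return [e for e in events if datetime.fromisoformat(e["ts"]) >= cutoff]


def canonical(event):
    # Sign only the common fields, serialised deterministically, so verification
    # does not depend on dict ordering or on the signature field itself.
    return json.dumps({k: event.get(k) for k in COMMON_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_event(event, key):
    """HMAC-SHA256 stands in here for the store's electronic signature (assumption)."""
    signed = dict(event)
    signed["sig"] = hmac.new(key, canonical(event), hashlib.sha256).hexdigest()
    return signed


def verify_event(signed, key):
    expected = hmac.new(key, canonical(signed), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("sig", ""))


NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)   # constructed "current time"
KEY = b"demo-signing-key"                         # assumption: stands in for the store's key


def run_pipeline():
    """Collect -> normalise -> retention -> sign, then check that tampering is caught."""
    events = [normalise_syslog(RAW_SYSLOG),
              normalise_firewall(RAW_FIREWALL_JSON),
              normalise_syslog(RAW_OLD_SYSLOG, year=2023)]
    events = [e for e in events if e is not None]
    kept = apply_retention(events, NOW, retention_days=30)
    store = [sign_event(e, KEY) for e in kept]
    tampered = dict(store[0])
    tampered["outcome"] = "success"      # an attacker rewriting their failed login
    return {"collected": len(events), "retained": len(kept),
            "all_verified": all(verify_event(r, KEY) for r in store),
            "tamper_detected": not verify_event(tampered, KEY)}


if __name__ == "__main__":
    print(run_pipeline())
```

The signing key here lives in the same process as the records, which is only a demonstration; in a real deployment the key (or the signing key pair) has to be held where the people who can write to the event store cannot reach it, otherwise a tampered record can simply be re-signed.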
SIEM is one step further
SIEM (Security Information and Event Management) goes a step further by linking and analysing the log data collected from multiple sources. This provides tools for handling information security threats: automatic security monitoring, vulnerability management and policy monitoring, as well as incident handling and security operations.
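What "linking and analysing log data from multiple sources" means in practice is a correlation rule run over the normalised events. The following is an added example, written for this page and not code from Insta or from any SIEM product: a sliding-window rule keyed on source address that counts authentication failures regardless of which system reported them (sshd on two hosts and a firewall deny in the constructed sample below), and raises a second, higher-priority alert when a success from the same address follows while those failures are still inside the window. The events are constructed and already in the common schema; no single source sees enough on its own to trigger the rule.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone


def t(hh, mm, ss):
    return datetime(2024, 3, 3, hh, mm, ss, tzinfo=timezone.utc)


# Constructed, already-normalised events from four Event Sources (not real log data).
SAMPLE_EVENTS = [
    {"ts": t(10, 15, 1),  "host": "web01", "source": "sshd",     "src_ip": "203.0.113.7",  "user": "root",  "outcome": "failure"},
    {"ts": t(10, 15, 3),  "host": "fw01",  "source": "firewall", "src_ip": "203.0.113.7",  "user": None,    "outcome": "failure"},
    {"ts": t(10, 15, 5),  "host": "web01", "source": "sshd",     "src_ip": "198.51.100.9", "user": "carol", "outcome": "failure"},
    {"ts": t(10, 15, 40), "host": "web02", "source": "sshd",     "src_ip": "203.0.113.7",  "user": "admin", "outcome": "failure"},
    {"ts": t(10, 16, 10), "host": "vpn01", "source": "vpn",      "src_ip": "203.0.113.7",  "user": "bob",   "outcome": "success"},
    {"ts": t(10, 30, 0),  "host": "web01", "source": "sshd",     "src_ip": "198.51.100.9", "user": "carol", "outcome": "success"},
]


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window correlation keyed on src_ip across all sources.

    Raises 'brute_force' once per source address when `threshold` failures fall
    within `window`, and 'brute_force_success' when a success from that address
    follows while the failures are still inside the window.
    """
    failures = defaultdict(deque)   # src_ip -> (timestamp, source) of recent failures
    alerted = set()
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ip, ts = e["src_ip"], e["ts"]
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:   # expire failures outside the window
            recent.popleft()
        if e["outcome"] == "failure":
            recent.append((ts, e["source"]))
            if len(recent) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"rule": "brute_force", "src_ip": ip, "at": ts,
                               "sources": sorted({s for _, s in recent}),
                               "failures": len(recent)})
        elif e["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({"rule": "brute_force_success", "src_ip": ip, "at": ts,
                           "host": e["host"], "user": e["user"],
                           "sources": sorted({s for _, s in recent})})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The rule only works because every Collector has already mapped its own field names onto the same src_ip and outcome fields; the same logic against raw sshd, firewall and VPN formats would need a parser per source inside the rule, which is exactly the duplication the shared collection layer removes.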
The CSO (Chief Security Officer) is responsible for ensuring that company security policies are complied with and for developing those policies further. Often reactive activities consume so many resources that preventive work suffers. Log Management provides readable and informative reports and helps the CSO make threat, risk and policy related decisions.
Regulations or customers often require external information security audits. To spot potential security conflicts, the auditor may ask for reports of entitlements across multiple systems. Combining this information without Log Management would be extremely difficult.
Most information security compliance regulations and standards, e.g. PCI DSS, ISO 27001, VAHTI and KATAKRI, require a managed way to collect, archive and review log data. Log Management provides the tools to meet these logging requirements.