Consolidated Log Management, Real-Time Threat-Detection and Big-Data-Analysis with Logpoint SIEM
Many companies already use monitoring solutions, some of them free, to be notified about critical system states. However, the signal often gets lost in the background noise of other messages, and not every administrator can read every log format used in their environment. An important step forward is the introduction of a Security Information and Event Management system (SIEM). A SIEM collects all logs centrally, translates them into a common schema (normalization) and classifies them. During classification the SIEM distinguishes between "normal" status reports, warnings and error messages. This metadata allows an administrator to search specifically for an error once the IT department receives a problem report.
Today, important logs are often not analyzed even though the source data is already available and the insights would be relevant to IT security. Centralized log management collects all relevant data, runs the analytics and alerts you on anomalies. A SIEM also correlates events that share a common cause even though they originate from different IT components and databases.
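The three steps just described (normalization into a common schema, classification by severity, correlation of events from different components that share a cause) are shown below in a small generic Python illustration. This is an added example, not LogPoint's normalization engine or query language; the log lines are constructed, the hostnames and IP addresses are hypothetical (documentation ranges), and the regular expressions, field names and thresholds are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from three different components (an sshd host,
# a firewall and a database server). Hypothetical hosts and documentation IPs.
RAW_LOGS = [
    "2017-10-10T08:00:01Z web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2017-10-10T08:00:03Z web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2",
    "2017-10-10T08:00:05Z web01 sshd[2231]: Accepted password for deploy from 198.51.100.4 port 40112 ssh2",
    "2017-10-10T08:00:06Z fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389",
    "2017-10-10T08:00:07Z db01 postgres[918]: LOG:  checkpoint complete",
    "2017-10-10T08:00:09Z fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445",
]

# Common syslog-style header: timestamp, host, program[pid]: message
HEADER = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Per-source extraction rules (assumed patterns): regex, category, severity.
# Each maps a vendor-specific message onto the common schema.
RULES = [
    (re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)"),
     "auth_failure", "warning"),
    (re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src_ip>\S+)"),
     "auth_success", "info"),
    (re.compile(r"DROP .*SRC=(?P<src_ip>\S+) DST=(?P<dst_ip>\S+) .*DPT=(?P<dst_port>\d+)"),
     "fw_drop", "warning"),
]


def normalize(line):
    """Normalize one raw line into a dict with a common schema and classify it.
    Returns None for lines that do not even match the header."""
    m = HEADER.match(line)
    if not m:
        return None
    event = {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "source": m["prog"].strip(),
        "message": m["msg"],
        "severity": "info",     # default classification: a normal status report
        "category": "other",
    }
    for pattern, category, severity in RULES:
        m2 = pattern.search(m["msg"])
        if m2:
            event.update(m2.groupdict())   # user, src_ip, dst_ip, dst_port ...
            event["category"] = category
            event["severity"] = severity
            break
    else:
        # Unknown message text: classify by keyword only
        if "error" in m["msg"].lower() or "fatal" in m["msg"].lower():
            event["severity"] = "error"
    return event


def correlate(events, window=timedelta(seconds=60), min_events=3, min_hosts=2):
    """Correlate warning/error events by source IP across components: alert when
    one IP produces at least min_events within `window` on at least min_hosts
    different hosts (e.g. SSH brute force on one host plus firewall drops on another)."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["severity"] in ("warning", "error") and "src_ip" in ev:
            by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):           # sliding time window per IP
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start:end + 1]
            hosts = {e["host"] for e in chunk}
            if len(chunk) >= min_events and len(hosts) >= min_hosts:
                alerts.append({
                    "src_ip": ip,
                    "first": chunk[0]["ts"],
                    "last": chunk[-1]["ts"],
                    "hosts": sorted(hosts),
                    "categories": sorted({e["category"] for e in chunk}),
                })
                break                           # one alert per IP in this illustration
    return alerts


def run(lines=RAW_LOGS):
    """Normalize all lines, then correlate; returns (events, alerts)."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    evs, alerts = run()
    for e in evs:
        print(e["ts"].time(), e["host"], e["severity"], e["category"])
    for a in alerts:
        print("ALERT", a)
```

On the constructed input, the two sshd failures on web01 and the two firewall drops on fw01 from the same address are tied together into one alert, while the successful login and the database checkpoint remain ordinary informational events. A production SIEM does this with hundreds of parsers and a query language rather than a handful of regular expressions, but the data flow is the same.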
microCAT is endorsing LogPoint SIEM for the following reasons:
- LogPoint is a European vendor
During a support case clients may need to share personal data, so it is important that the contracting partner is also subject to the new European General Data Protection Regulation (GDPR, applicable from 2018). Additionally, the Common Criteria EAL 3+ certification attests to LogPoint's trustworthiness up to NATO standards. Note that a Common Criteria certificate covers the evaluated product version and configuration, not an arbitrary deployment, so the certified configuration should be compared with what is actually installed. LogPoint also offers numerous compliance reports that are important for German clients.
- A transparent license model
LogPoint licenses by IP address, i.e. per log source, which allows a precise calculation of costs. Hierarchical storage management (HSM), agents and a search engine are built in. In a migration, all elements of the SIEM come from one vendor, minimizing dependencies.
- Intuitive solution handling
allows a quick start within a few days. Since administrators only need to learn the methodology and the query language, the learning curve is short and the return on investment comes quickly.
- Big data adapts to your organizational structure
To attach branch offices, you simply add further SIEM servers as log collectors. They send compressed and encrypted data to a central big data repository. Multi-tenancy, built on NoSQL technology, lets you ensure that everybody sees only the data within their area of responsibility, without sacrificing the centralized overview.
- Scale to your demands
The software appliance can be deployed on virtual machines or on physical hardware on premises. Functional roles can also be distributed across several instances, giving you great flexibility.
- More than 650 ready-to-use data sources and over 5000 queries
The most important questions are already prebuilt into the product in a modular way. Whether you want to attach a new data source, query specific information, or dynamically create a dashboard, you will either find it already integrated or can download the component from the vendor, for instance compliance reports for ISO 27001 and PCI DSS.
- Outstanding value for money
Many companies postponed the introduction of first-generation SIEM systems, deterred by high prices, complexity, and expensive databases and search engines. New products have lowered the entry price into the low five-digit euro range. Implementation effort in particular has shrunk, thanks to a new modular design.
Learn more about Logpoint at IT-SA here: https://www.it-sa.de/en/ausstellerprodukte/itsa17/exhibitor-29697299/logpoint-gmbh