
SSIM: centralized event monitoring as an integral part of an ISMS

Created: 09 May 2013
Author: Milan_T

IT is often seen as a burden on the business, with large annual expenses.

On the other hand, businesses today face a considerable challenge: delivering ever-improving service levels that meet and exceed business users' expectations for service quality, availability and security, while optimizing the resources and operating costs needed to manage and maintain the IT infrastructure. Monitoring and managing these increasingly complex infrastructures is a growing problem.

The IT professional's main challenge is to carry out the increasingly time-intensive task of infrastructure and device management securely, while increasing the overall availability of network resources to support broader use of converged technologies.

About ISMS:

An Information Security Management System (ISMS) can foster efficient management of security costs, compliance with laws and regulations, and a comfortable level of interoperability, because partner organizations follow a common set of guidelines. It can improve quality assurance (QA) of the IT security system and increase security awareness among employees, customers, vendors and others.

An ISMS provides a process framework for implementing IT security and can also assist in determining the status of information security and the degree of compliance with security policies, directives and standards.

Once the ISMS has been implemented it must be maintained and monitored on a daily basis. SSIM is a product used to closely monitor the technical controls of an ISMS. Let's consider an ISMS implemented with servers, IDS, IPS, AV, web gateways, firewalls, proxies, routers, switches, other security devices and desktop endpoints.

Activity on such a large infrastructure cannot be monitored and managed device by device on a daily basis without a security information manager, yet monitoring the ISMS components is an essential task. That is what a SIEM such as SSIM fulfils: it brings the logs of every component into one place. For example, a security information and event management (SIEM) platform proved invaluable for Priority Health.

Symantec Security Information Manager offers enterprise-wide log collection, management and retention, enabling organizations to prioritize security incident response activities based on business risk and to demonstrate compliance with industry regulations. It also provides real-time event correlation and data archiving to protect against security threats and to preserve critical security data.

Benefits of SSIM

  • Provides analysts with a graphic display of the progress of an attack to facilitate quicker analysis.
  • Supports providing security management services to multiple divisions and/or geographies.
  • Leverages an enterprise's existing asset model to provide insight into which parts of the organization are affected by an incident.
  • Enables security and network administrators to collect log data (for all events) from a wide variety of devices across the whole network, mainly to identify and report on security threats and suspicious behavior.
  • Facilitates forensic investigation (who did what, where and when, and perhaps even why).
  • Comprehensively manages the collection, storage and archival of all log data generated by multiple network devices over a long period of time.

Capabilities of SSIM

SSIM ensures the integrity and security of information assets by delivering the following capabilities:

  • Captures, filters, normalizes, and reports on security and availability events from a myriad of Symantec and leading 3rd-party host and network products (event logs, antivirus, firewall, intrusion detection/prevention, vulnerability management, policy compliance, backup, etc.) and custom data sources, enabling IT to identify critical breaches in heterogeneous or complex network environments.
  • Centralizes log management for compliance and forensics requirements, retaining normalized and raw event information in online, searchable compressed format that is easy to manage and inexpensive to maintain for very long periods of time.
  • Queries, plays back, and reports on arbitrary histories of identity and user activity, host, IP address, or any other normalized event field.
  • Correlates security events in real time using a high-speed, patent-pending, multi-stage, pattern-based engine, helping IT to reduce raw events and logs into prioritized incidents and focus on solving the most serious problems first.
  • Tracks security incidents and related response activities throughout their lifecycle from ticket creation to closure, helping IT to quickly and effectively remediate problems.
  • Integrates into the enterprise infrastructure including existing management and ticketing systems so that IT can leverage their legacy investments and processes by way of industry standard web service interfaces.
  • Reports on compliance and security incident metrics enabling businesses to visualize and refine the effectiveness of their security processes and posture.
  • Scales via a distributed architecture for simple to complex configurations with a single point of administration.
  • Delivers best-in-class functionality packaged as a high-performance appliance that is easy to deploy, use and manage, lowering the cost of the solution and the total cost of ownership.
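The three steps that the benefits and capabilities above describe (normalize events from different log formats onto one schema, correlate them in stages into an incident, then prioritize the incident using the asset model) are easier to reason about in code. The following is an added example written for this article, not SSIM's engine, schema or rule language. The log lines, the asset table (ASSETS), the stage names (brute_force, probable_compromise) and the thresholds are all constructed for illustration; a real deployment would take its asset model and thresholds from the ISMS asset inventory and risk assessment.

```python
"""Illustrative SIEM pipeline: normalize -> multi-stage correlate -> prioritize.
Added example for this article; not Symantec SSIM code."""
import re
from datetime import datetime

# Constructed sample events (not real data): (collector, raw syslog line).
RAW_EVENTS = [
    ("firewall", "May 09 10:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22"),
    ("firewall", "May 09 10:00:02 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22"),
    ("sshd", "May 09 10:00:03 srv05 sshd[812]: Failed password for root from 203.0.113.7 port 51022 ssh2"),
    ("sshd", "May 09 10:00:04 srv05 sshd[812]: Failed password for root from 203.0.113.7 port 51023 ssh2"),
    ("sshd", "May 09 10:00:05 srv05 sshd[812]: Failed password for root from 203.0.113.7 port 51024 ssh2"),
    ("sshd", "May 09 10:00:09 srv05 sshd[815]: Accepted password for root from 203.0.113.7 port 51030 ssh2"),
    ("sshd", "May 09 10:05:00 srv09 sshd[100]: Failed password for bob from 198.51.100.4 port 4000 ssh2"),
]

# Hypothetical asset model: business unit and criticality (1 = low, 3 = high) per host.
ASSETS = {
    "srv05": {"unit": "finance", "criticality": 3},
    "srv09": {"unit": "lab", "criticality": 1},
}

# One regex per collector; each maps its own format onto the shared field names below.
SYSLOG_HDR = r"(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
PATTERNS = {
    "firewall": re.compile(SYSLOG_HDR + r"kernel: (?P<action>ACCEPT|DROP) .*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)"),
    "sshd": re.compile(SYSLOG_HDR + r"sshd\[\d+\]: (?P<action>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)"),
}
ACTION_MAP = {"Failed": "auth_fail", "Accepted": "auth_success", "ACCEPT": "fw_accept", "DROP": "fw_drop"}


def normalize(collector, line):
    """Map one raw line onto the common schema; None for lines the collector's parser does not recognise."""
    m = PATTERNS[collector].match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%b %d %H:%M:%S"),  # year-less syslog stamp; fine for ordering
        "host": d["host"],
        "src": d["src"],
        "user": d.get("user"),  # firewall lines carry no user
        "action": ACTION_MAP[d["action"]],
        "collector": collector,
    }


def prioritize(incident, events):
    """Score severity of the stage against the asset's criticality and attach supporting evidence."""
    severity = {"brute_force": 2, "probable_compromise": 3}[incident["stage"]]
    asset = ASSETS.get(incident["host"], {"unit": "unknown", "criticality": 2})
    score = severity * asset["criticality"]
    incident["unit"] = asset["unit"]
    incident["score"] = score
    incident["priority"] = "critical" if score >= 6 else "high" if score >= 3 else "medium"
    # Every normalized event from the same source, whichever collector saw it, is evidence for the analyst.
    incident["evidence"] = sum(1 for e in events if e["src"] == incident["src"])
    return incident


def correlate(events, fail_threshold=3, fail_window=60, success_window=300):
    """Two-stage correlation keyed on (source IP, target host):
    stage 1: fail_threshold auth failures within fail_window seconds -> 'brute_force';
    stage 2: an auth success within success_window seconds after stage 1 -> 'probable_compromise'."""
    state = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        s = state.setdefault((e["src"], e["host"]), {"fails": [], "stage": None, "last": None, "user": None})
        if e["action"] == "auth_fail":
            # Keep only failures inside the sliding window, then add this one.
            s["fails"] = [t for t in s["fails"] if (e["ts"] - t).total_seconds() <= fail_window] + [e["ts"]]
            s["user"] = e["user"]
            if s["stage"] is None and len(s["fails"]) >= fail_threshold:
                s["stage"], s["last"] = "brute_force", e["ts"]
        elif e["action"] == "auth_success" and s["stage"] == "brute_force":
            if (e["ts"] - s["last"]).total_seconds() <= success_window:
                s["stage"], s["last"], s["user"] = "probable_compromise", e["ts"], e["user"]
    return [
        prioritize({"src": src, "host": host, "stage": s["stage"], "user": s["user"], "last_seen": s["last"]}, events)
        for (src, host), s in state.items() if s["stage"]
    ]


def run(raw_events=RAW_EVENTS):
    """Normalize every raw line that parses, then correlate and prioritize."""
    events = [n for collector, line in raw_events if (n := normalize(collector, line))]
    return sorted(correlate(events), key=lambda i: -i["score"])


if __name__ == "__main__":
    for inc in run():
        print(f"[{inc['priority']}] {inc['stage']} {inc['src']} -> {inc['host']} ({inc['unit']}), "
              f"user={inc['user']}, evidence={inc['evidence']} events")
```

On the sample data the three failures against srv05 open a brute_force candidate, the success four seconds later escalates it to probable_compromise, and the finance asset's criticality lifts it to the top of the queue, while the single failure against srv09 never becomes an incident. The point of keying correlation on normalized fields rather than on raw text is that the firewall's ACCEPT for the same source becomes evidence on the incident without a firewall-specific rule.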
