Central log and event management, also referred to as SIEM (security information and event management), is an important part of a comprehensive security strategy.
This proven solution supports the highly efficient collection, analysis and management of all company network data, so-called log files. Information concerning all networked components in the company network (firewalls, servers, routers, switches, applications, etc.) is collected. This makes it possible to quickly detect, track and efficiently remove irregularities.
Expanding company networks and increasing volumes of data traffic lead to exponential growth in log files and logged data. This is a veritable flood of unstructured and more or less complex individual pieces of data in a very wide range of formats. The regular monitoring of log files takes up a considerable part of an administrator’s workday.
Legislation concerning the monitoring and storing of log files dictates that enormous volumes of data must be stored as proof of compliance. Moreover, directives require dedicated reporting. Central log and event management simplifies the implementation of, and adherence to, compliance provisions. It also ensures legally compliant treatment of log files and offers comprehensive automation for auditing, monitoring and reporting. Additional encryption of the data protects against manipulation.
Real-time processing of the logs makes it possible to trigger predefined alarm procedures immediately after suspicious behaviour patterns have occurred. In the case of very large volumes of data, which must be stored for a specific period of time, some solutions make use of additional data compression for storage of the log files. With the help of central log and event management, authorised users can access all of a company’s log file records at the same time without having to install special software at the workstation. This can occur in real time, if desired. Administrators can use various reports with clearly structured views to observe and evaluate network performance and security-relevant events over a longer period of time.
secunet supports you in the choice and integration of an appropriate system. This allows you to concentrate on your core business and comply with all legal requirements while doing so.