| Your Challenge: | Having comprehensive, accurate and correlated log information; the tools to investigate and respond; log retention and reporting to satisfy management and compliance needs when a real security incident or compliance exception has occurred. |
Getting full log management coverage across the entire IT environment can be a real challenge. Specialty systems, including mid-range, mainframe and security devices, require a mix of push-based and pull-based collection, each with its own interfaces and transport agents.
Log Retention for Compliance and Forensics
Ensuring that logs are stored properly, that coverage is uninterrupted, and that the logs are protected from manipulation by the very staff who have direct access to the systems generating them demands true separation of duties, robust controls, and dedicated IT staff. Satisfying compliance mandates such as PCI DSS, SOX, GLBA, HIPAA and others requires organizations to both monitor and retain their logs.
The Solution: Solutionary Log Management Service
| Collect: | Real-time information on threats in one centralized database |
| Classify: | Maximum security value and content extracted from log sources |
| Analyze: | Heuristic, statistical, threshold and time-based rules engines |
| Correlate: | Source, destination, user, asset and vulnerability interaction correlation |
| Investigate: | Incident details in context with processing and analysis trail down to the raw log lines |
| Audit: | Evidence repository, proof-of-compliance, auditable record of response process |
Cloud-based Log Management Service
- Avoid costly capital expenditures and ongoing maintenance
- Proven, patented technology platform with the robustness and scalability gained from 11+ years of development and operational experience
- Experienced security engineers and consultants to provide needed expertise
- An account management team to ensure that implementation stays on track
Solutionary Log Management Service Features
- One full year of log storage for 100% of logs received
- 100+ technologies / devices supported including mid-range and mainframe systems
- A security event abstraction mechanism that provides common security event classification and analysis
- Monitoring for applications, databases, network devices, security devices, servers, and endpoints
- Privileged-user monitoring, tracking and audit reporting
- Identity, vulnerability and asset information integration
- Content-aware data loss detection
- Malicious host identification and detection
- Quickly deployed, baselined, configured and tuned for your environment and security program