Log Management and SIEM

“The power of visibility can never be underestimated” – Margaret Cho

Most Danish companies focus exclusively on keeping unauthorized users out of their networks and devices. This means that measures such as firewalls, anti-virus and backups have been implemented to protect the company’s valuable assets. These measures are fundamental to achieving satisfactory IT security.

It is important to realize that the measures above only protect the outside of the network. Unfortunately, that is not enough protection today.

Today’s reality is that there are many examples of a company’s external protection being breached. Incidents can be caused externally, by someone who penetrates the company’s network, but also by inappropriate behavior from the company’s own users or suppliers, who intentionally or unknowingly put the company at risk.

Companies need effective tools for monitoring and controlling what is happening inside the network. In brief: if someone breaks through the first line of protection (and they do), it needs to be detected and responded to.

What we observe is that the majority of companies have difficulty (or are unable) answering whether their data has been lost or otherwise exposed to a security incident in the last 12 months.

The Purpose

The purpose of GlobalSequr Monitoring is to give the company an opportunity to see what is happening on its own network and on its own devices.

By looking at the activity on the network, it becomes possible to identify whether the company is exposed to incidents that are not being blocked by the firewall or anti-virus programs.

Only when you can see what is actually going on can you respond!

GlobalSequr gives you the possibility to create this insight and transparency into your own network with a minimal investment of money and resources.

Highest level of log-privacy security

What is special about GlobalSequr’s solution is that all logs sent are collected and evaluated by Danes, and all logs are sent encrypted to servers in Germany. Many companies feel unsafe allowing their logs to pass through American or other foreign servers and analysts.

Target group

All companies that wish to take the next step after perimeter protection.

What does GlobalSequr’s Monitoring consist of?

  • A basic coverage of activity on the company’s networks and devices
  • Setting up of relevant security audits
  • Collection of relevant history and data (log files)
  • Continuous monitoring and analysis of activity on the networks and devices
  • Monthly reporting

GlobalSequr Monitoring is a service driven by people, for people – it is the human analysis and contextualization of the data that creates the value and makes the difference.

The process

  • Together with a GlobalSequr IT security consultant, the company maps the entities it wishes to monitor. This may be done in a startup workshop with the company.
  • Installation of an agent on the relevant devices
  • GlobalSequr receives the data to be analyzed through the relevant agents
  • Delivery and review of the report

Factors that affect price:

  • Startup workshops
  • Number of devices on the network
  • Level of support
  • Requested data storage (retention)

Additional services

When awareness of the network increases and the necessary adjustments and decisions have been made, the next step can be taken: extending the benefits to match the security level the company wishes to achieve.

Further analysis of incidents

  • Enhanced reporting
  • Increased log storage
  • Setting alarms for more urgent response
  • Alerts and response services
  • SIEM adapted to a compliance framework, such as ISO 27001
  • Advanced response and 24/7 monitoring

Short technical description

Log collection from the clients is done by installing an agent that sends the relevant logs to the log collection server. It is very convenient to roll out an MSI package to the clients and Windows servers. This package does the following:

  • takes a snapshot of the existing audit settings
  • sets the audit settings that ensure the correct logs are sent
  • installs a log-forwarder agent
  • ensures the ability to uninstall and return to the previous state
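The snapshot, audit-setting and rollback steps above can be illustrated with the built-in Windows auditpol tool. The script below is an added example written for this page, not GlobalSequr’s MSI package; the subcategory list and the backup path are assumptions, and the agent installation step (vendor-specific) is left out.

```powershell
# Added example (not GlobalSequr's installer): snapshot, apply and roll back the
# Windows audit policy with auditpol, mirroring the MSI package's steps 1, 2 and 4.
# Assumptions: the subcategory list and the backup path are chosen for illustration.
# Run in an elevated PowerShell session; auditpol needs administrative rights.
param(
    [ValidateSet('Apply', 'Rollback')]
    [string]$Mode = 'Apply',
    [string]$BackupPath = "$env:ProgramData\AuditBackup\auditpol-before.csv"
)

# Audit subcategories a log forwarder typically needs; adjust to the agreed scope.
$Subcategories = @(
    'Logon',
    'Logoff',
    'Account Lockout',
    'Process Creation',
    'Security Group Management',
    'User Account Management'
)

function Save-AuditSnapshot {
    # Step 1: take a snapshot of the existing audit settings (auditpol /backup writes a CSV).
    # The snapshot is taken only once so that a re-run never overwrites the original state.
    New-Item -ItemType Directory -Force -Path (Split-Path $BackupPath) | Out-Null
    if (-not (Test-Path $BackupPath)) {
        auditpol /backup /file:"$BackupPath" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "auditpol backup failed (exit $LASTEXITCODE)" }
    }
}

function Set-ForwarderAudits {
    # Step 2: enable success and failure auditing for each required subcategory.
    foreach ($sub in $Subcategories) {
        auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed for subcategory '$sub'" }
    }
}

function Restore-AuditSnapshot {
    # Step 4: return to the previous state from the snapshot taken before any change.
    if (-not (Test-Path $BackupPath)) { throw "No snapshot at $BackupPath; cannot roll back" }
    auditpol /restore /file:"$BackupPath" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol restore failed (exit $LASTEXITCODE)" }
}

switch ($Mode) {
    'Apply'    { Save-AuditSnapshot; Set-ForwarderAudits }
    'Rollback' { Restore-AuditSnapshot }
}
```

Check the effective policy before and after with `auditpol /get /category:*`; the CSV written by `/backup` is the record an uninstall must restore.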

GlobalSequr has no access to the individual client, and the logs that are sent do not contain information about content, for example the contents of documents. Logs are sent via an encrypted TCP connection to the servers located in Germany.

As standard, logs are stored for 90 days.

If a client is offline, it resends the logs from the time it went offline once it comes back online.