VSEC Vadar SIEM

1.  VSEC VADAR SECURITY INFORMATION & EVENT MANAGEMENT SOLUTIONS

Enterprise IT systems are built from devices and technologies of many different vendors, and each device and application emits logs in its vendor's own format. Summarizing events at the time of an incident is very difficult because there is no dedicated solution and no long-term storage of events for later analysis. As a result, the system's messages are "overflowed" by the large volume of information generated by logging, and some important alerts may be missed or not handled in a timely manner.

Investigating the attack source, the attack target and the attack method must be done manually, which is time- and effort-consuming and too slow to be effective. Furthermore, new types of attacks such as Advanced Persistent Threats (APT), zero-day exploits, insider attacks and new kinds of malware have increased dramatically in recent years, both in the number of machines attacked and infected and in the ways those machines are controlled. Beyond the explosive growth in numbers, these threats have also become harder to detect, using sophisticated techniques to evade detection and analysis. Traditional security solutions are almost ineffective against these new threats. The VSEC Vadar Security Information & Event Management solution (brand name: VSEC Vadar SIEM) is designed to solve the complex problems described above.

2.  MAIN FEATURES

  • Collect data agentlessly from components/systems such as Firewall, WAF, Switch, ESXi, … via the solution's Syslog receiver, or from Windows/Linux/Unix servers via an agent; standardize the data, eliminate redundant records, and categorize events in a common format optimized for analysis and incident investigation.
  • Intuitive and diverse monitoring dashboards: an intuitive, easy-to-use dashboard interface with many types of dashboards/monitoring charts covering a wide range of criteria and common SOC operation use cases, all easily customizable.
  • Server Monitoring Tools:
    • Server resource management: provides information about resources on the monitored server, such as interfaces, running applications, user accounts, and existing crontab entries/scheduled tasks.
    • Server change control: monitors and detects behaviors that change the server's configuration, create/open new connections, start new services/processes, or create/edit/delete/elevate accounts on the server.
    • Web application change monitoring: detects and prevents the placement of a webshell on the web server after an attacker exploits a vulnerability in the web application running on it.
    • Security baseline compliance control on the server: monitors the server's compliance with security policies, standards, and configuration baselines.
    • Supported operating systems: Windows Server 2008 or later, CentOS/Red Hat/Oracle Linux 6 or later, Debian 7 or later, Ubuntu 14.04 or later.
  • Share and automatically synchronize data with the national cybersecurity monitoring system or other SIEM systems.
  • Process and store 5000 events within a period of one minute.
  • Real-time correlation analysis of collected log data.
  • Automatically alert users in real time.
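The collection, normalization, deduplication and real-time correlation steps listed above can be illustrated with a small pipeline. The code below is an added example written for this page, not code from VSEC or from the Vadar SIEM product; the syslog lines are constructed samples (firewall, SSH and WAF events), the common event schema and the "repeated failed logins followed by a success" correlation rule are the author's own assumptions about how such a SIEM would work, and the threshold and window values are illustrative.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (RFC 3164 style) from three source types.
# Not real captures; one line is an intentional exact duplicate.
SAMPLE_LINES = [
    "<38>Mar  3 10:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22",
    "<86>Mar  3 10:00:05 srv01 sshd[1203]: Failed password for root from 203.0.113.5 port 51000 ssh2",
    "<86>Mar  3 10:00:09 srv01 sshd[1203]: Failed password for root from 203.0.113.5 port 51002 ssh2",
    "<86>Mar  3 10:00:09 srv01 sshd[1203]: Failed password for root from 203.0.113.5 port 51002 ssh2",
    "<86>Mar  3 10:00:14 srv01 sshd[1203]: Failed password for root from 203.0.113.5 port 51004 ssh2",
    "<86>Mar  3 10:00:20 srv01 sshd[1210]: Accepted password for root from 203.0.113.5 port 51006 ssh2",
    "<13>Mar  3 10:01:00 waf01 modsec: [client 198.51.100.7] ModSecurity: Access denied with code 403 at uri /login",
]

# Generic syslog header: <PRI>Mon dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Source-specific extractors that map vendor messages onto the common schema.
SSH_FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")
SSH_OK_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
FW_RE = re.compile(r"(?P<action>DROP|ACCEPT) .*SRC=(?P<ip>\S+) .*DPT=(?P<port>\d+)")
WAF_RE = re.compile(r"\[client (?P<ip>[^\]]+)\].*Access denied")


def parse_ts(text, year=2024):
    """BSD syslog timestamps carry no year; assume one (illustrative)."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


def normalize(line):
    """Parse one raw line into the common event schema, or None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = {
        "ts": parse_ts(m["ts"]),
        "host": m["host"],
        "source": m["tag"].strip(),
        "category": "other",   # auth / network / web / other
        "outcome": None,       # success / failure / blocked / allowed
        "src_ip": None,
        "user": None,
        "raw": line,
        # Content hash used for duplicate elimination.
        "id": hashlib.sha256(line.encode()).hexdigest()[:16],
    }
    msg = m["msg"]
    if (f := SSH_FAIL_RE.search(msg)):
        ev.update(category="auth", outcome="failure", src_ip=f["ip"], user=f["user"])
    elif (o := SSH_OK_RE.search(msg)):
        ev.update(category="auth", outcome="success", src_ip=o["ip"], user=o["user"])
    elif (fw := FW_RE.search(msg)):
        ev.update(category="network", src_ip=fw["ip"],
                  outcome="blocked" if fw["action"] == "DROP" else "allowed")
    elif (w := WAF_RE.search(msg)):
        ev.update(category="web", outcome="blocked", src_ip=w["ip"])
    return ev


def dedup(events):
    """Drop events whose raw content was already seen (redundant forwarding)."""
    seen, out = set(), []
    for ev in events:
        if ev["id"] not in seen:
            seen.add(ev["id"])
            out.append(ev)
    return out


def correlate_bruteforce(events, threshold=3, window_s=60):
    """Alert when >= threshold auth failures from one IP within window_s seconds
    are followed by a successful login from the same IP (illustrative rule)."""
    alerts = []
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth":
            continue
        ip = ev["src_ip"]
        # Keep only failures still inside the sliding window.
        recent = [t for t in failures[ip] if (ev["ts"] - t).total_seconds() <= window_s]
        failures[ip] = recent
        if ev["outcome"] == "failure":
            failures[ip].append(ev["ts"])
        elif ev["outcome"] == "success" and len(recent) >= threshold:
            alerts.append({"rule": "ssh_bruteforce_then_success", "src_ip": ip,
                           "user": ev["user"], "host": ev["host"],
                           "failures": len(recent), "ts": ev["ts"]})
            failures[ip].clear()
    return alerts


def run_pipeline(lines):
    """Collect -> normalize -> deduplicate -> correlate; returns (events, alerts)."""
    events = [e for e in (normalize(l) for l in lines) if e]
    events = dedup(events)
    return events, correlate_bruteforce(events)


if __name__ == "__main__":
    evs, alerts = run_pipeline(SAMPLE_LINES)
    print(f"{len(evs)} unique events from {len(SAMPLE_LINES)} lines")
    for a in alerts:
        print("ALERT", a)
```

Each source keeps its own message format, but once every event carries the same `category`, `outcome` and `src_ip` fields the correlation rule can be written once and applied to all of them; deduplication runs before correlation so that a forwarded copy of the same failure does not inflate the count.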

3. OUTSTANDING ADVANTAGES

  • Centralized log management for many different data sources, ensuring data security and integrity.
  • In-depth analysis in "real time" gives timely and accurate warnings, shortening detection and troubleshooting time.
  • Built-in ability to respond quickly to attacks and to policy or compliance violations.
