CapStash SIEM

Why choose a SIEM solution?

SIEM stands for Security Information and Event Management. It combines two earlier security monitoring techniques, SIM and SEM. The purpose of SIEM is to catch intruders who have managed to slip past the network's perimeter defenses.

SIM is Security Information Management; it examines log records and works as a host-based intrusion detection system (HIDS).

Host-based security systems can combine different log message formats to collect data from many points in the system and look for signs of attack. The drawback of SIM is that it is not instantaneous: it takes time to gather enough information for the analysis.

SEM is Security Event Management; it deals with real-time data and works as a network-based intrusion detection system (NIDS).

Network-based security monitoring systems have the advantage of speed because they work in real time. However, this strategy has a weakness: attackers can evade detection by splitting malicious activity into a series of actions that each look like a legitimate individual transaction.

SIM + SEM = SIEM

By combining SIM and SEM (= SIEM), you can focus network traffic monitoring on the specific users and endpoints that the SIM component has flagged. SIEM therefore produces far more accurate warnings than a standard network security monitor.
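As an added illustration of this correlation (example code, not part of the CapMon page or the CapStash product): a SIM-style rule flags accounts whose logon succeeded after a burst of failures, and the SEM-style flow check is then run only for those hosts, so a single SMB connection from an unflagged workstation never raises an alert while the flagged host's fan-out does. All records, host names, thresholds and time windows below are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the page): host logon events on the SIM side
# and network flow records on the SEM side, both keyed by workstation name.
HOST_LOGS = [
    {"ts": "2024-01-10T09:00:05", "host": "ws-17", "user": "alice", "event": "logon_failed"},
    {"ts": "2024-01-10T09:00:09", "host": "ws-17", "user": "alice", "event": "logon_failed"},
    {"ts": "2024-01-10T09:00:14", "host": "ws-17", "user": "alice", "event": "logon_failed"},
    {"ts": "2024-01-10T09:00:20", "host": "ws-17", "user": "alice", "event": "logon_success"},
    {"ts": "2024-01-10T09:05:00", "host": "ws-22", "user": "bob", "event": "logon_success"},
]
FLOWS = [
    {"ts": "2024-01-10T09:01:00", "src_host": "ws-17", "dst": "10.0.5.4", "dst_port": 445},
    {"ts": "2024-01-10T09:01:30", "src_host": "ws-17", "dst": "10.0.5.9", "dst_port": 445},
    {"ts": "2024-01-10T09:02:00", "src_host": "ws-17", "dst": "10.0.5.12", "dst_port": 445},
    {"ts": "2024-01-10T09:06:00", "src_host": "ws-22", "dst": "10.0.5.4", "dst_port": 445},
]

def _t(s):
    return datetime.fromisoformat(s)

def sim_suspects(logs, failures=3, window=timedelta(minutes=5)):
    """SIM step: {(host, user): success_time} where a successful logon followed
    at least `failures` failed attempts inside `window` (hypothetical rule)."""
    suspects = {}
    for rec in logs:
        if rec["event"] != "logon_success":
            continue
        t_ok, key = _t(rec["ts"]), (rec["host"], rec["user"])
        prior = [r for r in logs if (r["host"], r["user"]) == key and r["event"] == "logon_failed"
                 and t_ok - window <= _t(r["ts"]) <= t_ok]
        if len(prior) >= failures:
            suspects[key] = t_ok
    return suspects

def sem_alerts(flows, suspects, min_targets=3, window=timedelta(minutes=10)):
    """SEM step, focused by the SIM result: inspect only flows from flagged hosts
    and alert when one host fans out to `min_targets` distinct peers on one port."""
    alerts = []
    for (host, user), t_ok in suspects.items():
        targets = {}
        for f in flows:
            if f["src_host"] == host and t_ok <= _t(f["ts"]) <= t_ok + window:
                targets.setdefault(f["dst_port"], set()).add(f["dst"])
        for port, dsts in targets.items():
            if len(dsts) >= min_targets:
                alerts.append({"user": user, "host": host, "port": port, "targets": sorted(dsts)})
    return alerts
```

Running `sem_alerts(FLOWS, sim_suspects(HOST_LOGS))` yields one alert for alice on ws-17; ws-22's lone connection to the same port is never examined because the SIM step did not flag it.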

CapMon is an Elastic OEM partner

Both our CapStash SIEM and our log management solution include Elastic modules. Elastic is used by thousands of organizations (including Cisco, eBay, Goldman Sachs, NASA, Microsoft, Wikipedia, and Verizon). CapStash SIEM is an extension of our CapStash log management solution.

CapStash SIEM Services

Apart from the modules included in our CapStash log management services (CapLog, CapSec, CapFlow), CapStash SIEM also includes Elastic Security, i.e. security functionality such as:

  • Elastic SIEM app
  • Machine learning
  • MITRE ATT&CK mapping
  • Incident response (SOAR)
  • Rules/use cases
  • SIEM reporting

You also have the option of choosing the Elastic Endpoint Security solution, which is anti-malware built into the Elastic Stack (agents are installed on the client to stop malware there). Elastic Endpoint is an important protective layer and also serves as the data collection point for endpoints.

Exabeam UEBA

CapMon is an MSSP partner of Exabeam. Their solution uses UEBA (user and entity behavior analytics) and can be deployed on top of both existing and new SIEM solutions.

It is a powerful management platform which, using advanced analytics, enables your security team to detect compromised and malicious user accounts that were previously difficult or impossible to find.