Why choose a SIEM solution?
SIEM stands for Security Information and Event Management. It is a combination of two previous security monitoring techniques: SIM and SEM. The purpose of SIEM is to capture uninvited guests who have managed to sneak through the network’s perimeter defenses.
SIM is security information management and it examines log records. This is a host-based intrusion detection system (HIDS). Host-based security systems are able to combine different log message formats to collect data from many points in the system and look for signs of attack. The problem with SIM is that it is not instantaneous. It takes time to gather enough information to be included in the analysis.
SEM is Security Event Management and it deals with real time data. This is a network-based intrusion detection system (NIDS). Network-based security monitoring systems have the advantage of speed because they work in real time. However, this strategy has weaknesses because hackers can sneak into the system without detection by combining a series of actions to make malicious activity appear as legitimate individual transactions. By combining SIM and SEM (= SIEM), one can direct network traffic surveys to specific users and endpoints identified by the SIM. Thus, SIEM provides far more accurate warnings than a standard network security monitor.
CapMon is Elastic OEM partner
Both our CapStash SIEM and log management solution include Elastic modules. Elastic is used by thousands of organizations (including Cisco, eBay, Goldman Sachs, NASA, Microsoft Wikipedia, and Verizon). CapStash SIEM is a extension of our CapStash log management solution.
- ELASTIC SIEM App
- Machine learning
- Mitre Attack
- Incident Response Soar
- SIEM reporting.
You have the option of choosing the Elastic End Point Security solution, which is Anti-malware built into the Elastic stack. (Agents are installed on the client to stop malware on the client). Elastic End Point is an important protective layer for data collection of end points.