SIEM

Why choose a SIEM solution?

SIEM stands for Security Information and Event Management. It combines two earlier security monitoring techniques, SIM and SEM. The purpose of a SIEM is to detect intruders who have already made it past the network's perimeter defenses.

SIM is security information management, and it examines log records. This is a host-based intrusion detection system (HIDS).

Host-based security systems are able to combine different log message formats to collect data from many points in the system and look for signs of attack. The problem with SIM is that it is not instantaneous. It takes time to gather enough information to be included in the analysis.

SEM stands for Security Event Management, and it deals with real-time data. This is a network-based intrusion detection system (NIDS).

Network-based security monitoring systems have the advantage of speed because they work in real time. However, this strategy has weaknesses because hackers can sneak into the system without detection by combining a series of actions to make malicious activity appear as legitimate individual transactions.

SIM + SEM = SIEM

By combining SIM and SEM (= SIEM), you can direct network traffic monitoring at the specific users and endpoints that the SIM has identified as suspicious. Thus, a SIEM provides far more accurate warnings than a standard network security monitor.
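The two ideas above (a SIM normalising differently formatted host logs, and a SIEM using the SIM's findings to focus network monitoring) can be shown in a few dozen lines. The following is an added illustration written for this page, not CapMon's or Elastic's code. All inputs are constructed: two sshd syslog lines and a CSV export of Windows logon events (using the real event IDs 4624 for success and 4625 for failure), a small host-to-IP inventory, and a handful of flow records; the internal address range 10.0.0.0/8 and the failure threshold of 3 are assumptions. The SIM stage flags accounts whose run of failed logins is followed by a success; the SEM stage then raises alerts only for external flows coming from those flagged hosts.

```python
import ipaddress
import re
from collections import defaultdict

# --- Constructed inputs (not real telemetry) ---------------------------------
# Host log lines in two formats: the raw material a SIM has to normalise.
SYSLOG_LINES = [
    "Mar 10 09:12:01 web01 sshd[1022]: Failed password for alice from 10.0.0.7 port 51022 ssh2",
    "Mar 10 09:12:03 web01 sshd[1022]: Failed password for alice from 10.0.0.7 port 51023 ssh2",
    "Mar 10 09:12:05 web01 sshd[1022]: Failed password for alice from 10.0.0.7 port 51024 ssh2",
    "Mar 10 09:12:09 web01 sshd[1022]: Accepted password for alice from 10.0.0.7 port 51025 ssh2",
    "Mar 10 09:30:00 db02 sshd[2201]: Accepted publickey for bob from 10.0.0.9 port 40010 ssh2",
]
# Constructed CSV export of Windows logon events: timestamp,event_id,host,user,src
WINLOG_LINES = [
    "2024-03-10T09:15:00,4625,fs01,carol,10.0.0.12",
    "2024-03-10T09:15:02,4625,fs01,carol,10.0.0.12",
    "2024-03-10T09:15:04,4625,fs01,carol,10.0.0.12",
    "2024-03-10T09:15:06,4624,fs01,carol,10.0.0.12",
]
# Constructed asset inventory: which IP each monitored host uses on the network.
HOST_IPS = {"web01": "10.0.1.5", "fs01": "10.0.1.20", "db02": "10.0.1.30"}
# Constructed flow records: the kind of real-time data a SEM sees.
FLOWS = [
    {"src": "10.0.1.5", "dst": "203.0.113.9", "dport": 443, "bytes": 180_000_000},
    {"src": "10.0.1.30", "dst": "10.0.1.5", "dport": 5432, "bytes": 20_000},
    {"src": "10.0.1.20", "dst": "198.51.100.4", "dport": 22, "bytes": 1_200},
    {"src": "10.0.1.5", "dst": "10.0.1.30", "dport": 5432, "bytes": 4_000},
]
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def normalize_syslog(line):
    """Map an sshd syslog line onto the common event schema, or None if unmatched."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"host": m["host"], "user": m["user"], "src": m["src"],
            "success": m["outcome"] == "Accepted"}


def normalize_winlog(line):
    """Map a CSV logon export line onto the same schema, or None if unmatched."""
    fields = line.split(",")
    if len(fields) != 5 or fields[1] not in ("4624", "4625"):
        return None
    _, event_id, host, user, src = fields
    # Windows Security log: 4624 = successful logon, 4625 = failed logon
    return {"host": host, "user": user, "src": src, "success": event_id == "4624"}


def normalize_all(syslog_lines, winlog_lines):
    """SIM normalisation: merge both formats into one ordered list of events."""
    events = [normalize_syslog(l) for l in syslog_lines]
    events += [normalize_winlog(l) for l in winlog_lines]
    return [e for e in events if e is not None]


def sim_flag(events, threshold=3):
    """SIM analysis: flag (host, user) pairs where a run of failures ends in a success."""
    failures = defaultdict(int)
    flagged = {}
    for e in events:  # events are assumed to be in time order
        key = (e["host"], e["user"])
        if e["success"]:
            if failures[key] >= threshold:
                flagged[key] = failures[key]  # remember how many failures preceded it
            failures[key] = 0
        else:
            failures[key] += 1
    return flagged


def sem_correlate(flagged, flows, inventory):
    """SEM stage: only external flows from SIM-flagged hosts become alerts."""
    ip_to_host = {ip: host for host, ip in inventory.items()}
    flagged_hosts = {host for host, _ in flagged}
    alerts = []
    for f in flows:
        host = ip_to_host.get(f["src"])
        if host not in flagged_hosts:
            continue  # SIM gave no reason to look at this endpoint
        if ipaddress.ip_address(f["dst"]) in INTERNAL_NET:
            continue  # internal traffic is left to normal monitoring
        users = [u for h, u in flagged if h == host]
        alerts.append({"host": host, "users": users, "dst": f["dst"],
                       "dport": f["dport"], "bytes": f["bytes"]})
    return alerts


def run():
    """Full SIEM pipeline over the constructed inputs: returns the correlated alerts."""
    events = normalize_all(SYSLOG_LINES, WINLOG_LINES)
    return sem_correlate(sim_flag(events), FLOWS, HOST_IPS)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Run as a script it prints two alerts, one for web01 (alice) and one for fs01 (carol); the internal flows and everything from db02 produce nothing, which is exactly the narrowing effect the text describes. The real work in a production SIEM is in the two normalisers and in keeping the inventory current; the correlation itself stays simple.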

CapMon is an MSSP partner of Elastic

CapMon is an MSSP technology partner of Elastic. Our SIEM log management solutions are based on Elastic, which is used worldwide by thousands of organisations.
Among these are Cisco, eBay, Goldman Sachs, NASA, Microsoft, Wikipedia and Verizon.

Exabeam UEBA

CapMon is an MSSP partner of Exabeam. Their solution uses UEBA (user behavior analysis) and can be implemented on top of both existing and new SIEM solutions. Advanced analytics enable your security team to detect compromised and malicious user accounts that were previously almost impossible to find.