A security information and event management (SIEM) solution is a central risk management tool. The main benefits a great SIEM tool should provide include improved threat detection and response through real-time data analysis, early detection of data breaches, data collection, data storage and reporting.
Data nowadays is the greatest asset, but what makes it valuable is the ability to visualise it and put it into context. LogPoint’s SIEM solution collects and analyses information from devices, applications and users from within your network, allowing you to detect and prevent threats quickly.
Recently SIEM has gained popularity among enterprises because organisations need to monitor and detect what is going on in their networks to be able to respond rapidly.
The National Cyber Security Centre outlines monitoring as one of the ten main steps to cybersecurity: “Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.”
The ISO, on the other hand, advises how to keep data safe – check your software security alerts, access control logs and other reporting systems you have in place on a regular basis. You should act on any alerts issued by these monitoring services.
At Chess, we stress that the viability of each solution is crucial – the ability to fit into your network and the way you do things, provide ROI and at the same time, be affordable. LogPoint is widely used in the public sector – among our customers using the solution are councils, universities and the NHS, as well as corporate organisations.
LogPoint have released a new pricing model for universities
For each UK university, LogPoint has created an Enterprise CORE SIEM License, which has been calculated as a set cost of £1 per student for universities with over 20,000 students. For universities under 20,000 students, there is a highly discounted set cost. The price is fixed for the term of the contract, which means that UK universities have no restrictions on the number of logs they can collect or the volume of log data that is consumed, ensuring no price increases for the length of the contract.
Compared to other SIEM solutions, which often charge per MB of log traffic, making it difficult to understand and budget for your bill at the end of the year, LogPoint’s pricing model is much simpler. Plus, what we’ve noticed from our experience is that once customers begin using a SIEM solution, they want to collect logs and have visibility of more and more areas of their business.
Verizon has identified in their report a fundamental gap between compromise and detection. A business’ network may be breached in a matter of minutes, yet often the issue is not identified until months later. This discrepancy is exploited by cybercriminals who roam freely within your network during this time. However, we can also see that internal threats account for a high percentage, making internal visibility critical.
Traditionally people see SIEM as just a security solution. However, with data’s importance and value increasing, cybercriminals are interested not just in your security information, but in all of your data. By gaining visibility of this data across our whole network, we can increase efficiency and productivity.
Some of the common challenges at universities are that these organisations have massive networks, often with thousands of users and heavy usage. Furthermore, data breaches and insecure networks can affect the compliance reputation of the institute, jeopardising research grants and leading to financial loss.
At the same time, everyone is trying to reduce their operational costs, and one effective way is to monitor what is happening across the network. There is always software or applications running on the network that will produce logs, which can then be analysed to improve efficiency.
The key benefit of SIEM is that it is centralised intelligence, ensuring all of your data is in one place. While we at Chess appreciate that holding all of your valuable data in one place may cause some worry, LogPoint has the highest security certification of any SIEM vendor on the market today, the Common Criteria EAL 3+, meaning it can be used in critical government infrastructure and any network on the planet because it is seen as a secure solution from the ground up.
Creates a single pane of glass, ensuring all data is in one place and can be correlated to improve available analysis.
Has the ability to correlate multiple events from multiple devices, providing analysts with the ability to detect outages and security flaws and to understand what caused the incident within the organisation’s network.
If you’re aware of a breach sooner rather than later, due to improved detection, damage done to the business can be limited - whether that is being able to stop a worker trying to take confidential data out of the front door in their tracks, or plugging a security gap within the network to block a command and control connection.
Applying Machine Learning on top of the SIEM tool extends the value of the solution by being able to uncover threats that traditional security measures struggle to detect, such as low-and-slow attacks.
The key to a successful, future-proof SIEM solution is scalability. With LogPoint’s architecture, it is possible to grow and scale the solution as per the business needs and as its requirements grow. Plus, LogPoint can be installed on all major platforms (Azure, AWS, ESXi, Hyper-V and hardware).
Collection, Storage and Analytics of Machine Data
By normalising on ingestion, not only does LogPoint increase the speed of search, but it also ensures the transformation of unstructured data into structured data before storage. This allows us to apply extra context such as enrichment (Threat Intel, LDAP, etc.) as well as to easily link into advanced plug-ins (such as UEBA) with minimal effort.
Utilising flat-file storage brings flexibility and control of data, as well as reducing costs associated with traditional SIEMs, such as SQL licensing costs.
This is where LogPoint can transform data into a visual context, turn the typical blank white page with black text into clear graphics while also allowing analysts to deep dive into data for full threat hunting capabilities.
What value does LogPoint bring to an organisation
Utilising a single taxonomy, LogPoint doesn’t differentiate whether you have a Palo Alto or Check Point firewall; it translates the data into a common language, enabling lightning-fast analytics with a short and low learning curve. With data in a common language, correlating multiple events from multiple sources becomes straightforward, and it has never been easier for the analyst to see a bigger and clearer picture.
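To make normalising on ingestion and the single taxonomy concrete, the following added example (not LogPoint code, and not part of the original page) parses two constructed firewall log formats into one schema, enriches each event at ingest, and then correlates across devices. The formats, field names, action mapping and threat-intel list are all assumptions made up for illustration; they are not real Palo Alto, Check Point or LogPoint definitions.

```python
import re
from collections import defaultdict

# Constructed sample lines in two made-up vendor formats (not real vendor output).
RAW_LOGS = [
    ("fw_a", "2024-05-01T10:00:01Z action=deny src=10.0.0.5 dst=203.0.113.9 dport=445"),
    ("fw_b", "2024-05-01T10:00:03Z|DROP|10.0.0.5|198.51.100.7|3389"),
    ("fw_a", "2024-05-01T10:00:04Z action=allow src=10.0.0.8 dst=192.0.2.10 dport=443"),
    ("fw_b", "2024-05-01T10:00:06Z|ACCEPT|10.0.0.8|192.0.2.10|443"),
    ("fw_b", "not a log line"),
]
# Hypothetical common taxonomy: each vendor's verbs map onto one vocabulary.
ACTION_MAP = {"deny": "blocked", "drop": "blocked", "allow": "allowed", "accept": "allowed"}
THREAT_INTEL = {"203.0.113.9"}  # constructed enrichment list

def normalise(source, line):
    """Return one event in the common schema, or None if the line does not parse."""
    fields = (None,) * 5
    if source == "fw_a":  # key=value format
        ts, _, rest = line.partition(" ")
        kv = dict(re.findall(r"(\w+)=(\S+)", rest))
        fields = (ts, kv.get("action"), kv.get("src"), kv.get("dst"), kv.get("dport"))
    elif source == "fw_b" and line.count("|") == 4:  # pipe-delimited format
        fields = tuple(line.split("|"))
    ts, action, src, dst, port = fields
    if None in fields or action.lower() not in ACTION_MAP or not port.isdigit():
        return None
    return {"ts": ts, "device": source, "action": ACTION_MAP[action.lower()],
            "source_address": src, "destination_address": dst,
            "destination_port": int(port),
            "known_bad_destination": dst in THREAT_INTEL}  # enrichment at ingest

def ingest(raw_logs):
    """Normalise every line; keep unparseable lines aside instead of dropping them."""
    events, rejected = [], []
    for source, line in raw_logs:
        event = normalise(source, line)
        (events if event else rejected).append(event or (source, line))
    return events, rejected

def blocked_on_multiple_devices(events):
    """Correlate on the common fields: sources blocked by more than one device."""
    seen = defaultdict(set)
    for e in events:
        if e["action"] == "blocked":
            seen[e["source_address"]].add(e["device"])
    return sorted(src for src, devices in seen.items() if len(devices) > 1)

if __name__ == "__main__":
    print(blocked_on_multiple_devices(ingest(RAW_LOGS)[0]))
```

The correlation query never mentions a vendor format, which is the practical benefit of normalising before storage; lines that fail to parse are kept in a rejected list so that parser gaps stay visible.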
All of the analytics can be presented in a clean and minimalist view, translating long lines of text into a valuable visual context. When you are able to gain context and understand what your own data is trying to tell you, you can react to what you consider important.
Finally, LogPoint enables customers to control their cost based on the number of devices customers want to ingest data from – by providing full transparency and with no hidden surprises related to data volume and EPS.
With pre-defined content, LogPoint strives to provide as much as possible out of the box. At Chess, we see this as an excellent start rather than a quick finish, as this offers instant value for you to build upon.