I thought a SIEM held my pants together

December –  2015

As a security professional, protecting your company’s assets from cyber-attacks is a complex task. It is crucial that you have visibility across your entire environment. It’s like a house alarm: there is no point in having motion sensors in some rooms and not in others.

All systems can raise an alert that something is going on, but is anyone listening to these cries for help? When you picture your environment, with servers, workstations, network appliances, printers, SCADA and other equipment, they all emit alerts. On top of this, all your applications send out alerts too: web servers, applications, anti-virus, endpoint protection.

By using a Security Information and Event Management (SIEM) system we can capture all of these cries for help, separate the “cry wolf” alerts from the real attacks, and alert the operator that an attack may be underway. Operators can be alerted via SMS or email for any suspect activity, for example when an administrator creates a privileged account, or when an executive is using email from a location that differs from their current one. The rules and alerts you can build to suit your business are limitless.
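As an added illustration of the two rules just described (example code, not code from SIEMonster or the original post), the following Python runs them over a few constructed, already-parsed log events; the field names, the privileged group list and the EXEC_LOCATION register are assumptions:

```python
import json
from typing import Iterator, List, Optional

# Constructed sample events in the JSON-lines shape a log shipper
# (e.g. Logstash) might emit after parsing; not real data.
SAMPLE_LOG = """\
{"ts":"2015-12-01T08:02:11Z","source":"ad","event":"group_member_added","actor":"jsmith","target":"svc-backup","group":"Domain Admins"}
{"ts":"2015-12-01T08:05:40Z","source":"ad","event":"group_member_added","actor":"jsmith","target":"tmp01","group":"Printer Operators"}
{"ts":"2015-12-01T09:10:02Z","source":"mail","event":"login","user":"ceo","country":"AU"}
{"ts":"2015-12-01T09:12:55Z","source":"mail","event":"login","user":"ceo","country":"RO"}
{"ts":"2015-12-01T09:20:13Z","source":"mail","event":"login","user":"analyst","country":"RO"}
"""

# Groups whose membership confers administrative privilege (assumed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}

# Where each executive is expected to be right now, e.g. fed from a travel
# register; constructed for the example.
EXEC_LOCATION = {"ceo": "AU", "cfo": "AU"}

def parse_events(raw: str) -> Iterator[dict]:
    for line in raw.splitlines():
        if line.strip():
            yield json.loads(line)

def privileged_account_rule(ev: dict) -> Optional[str]:
    # Rule 1: someone was added to a privileged group.
    if ev.get("event") == "group_member_added" and ev.get("group") in PRIVILEGED_GROUPS:
        return f"PRIV_GROUP_ADD actor={ev['actor']} target={ev['target']} group={ev['group']}"
    return None

def exec_location_rule(ev: dict) -> Optional[str]:
    # Rule 2: an executive's mail login came from somewhere other than
    # the country the travel register says they are in.
    if ev.get("source") != "mail" or ev.get("event") != "login":
        return None
    expected = EXEC_LOCATION.get(ev.get("user"))
    if expected is not None and ev.get("country") != expected:
        return f"EXEC_GEO_MISMATCH user={ev['user']} seen={ev['country']} expected={expected}"
    return None

RULES = (privileged_account_rule, exec_location_rule)

def run_rules(raw: str) -> List[str]:
    # Returns one alert line per rule hit; these are what would be sent by SMS/email.
    alerts = []
    for ev in parse_events(raw):
        for rule in RULES:
            hit = rule(ev)
            if hit:
                alerts.append(f"{ev['ts']} {hit}")
    return alerts

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(alert)
```

Only the Domain Admins addition and the executive's login from an unexpected country fire; the Printer Operators change and the analyst's login are the “cry wolf” noise the rules leave alone.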

What are the SIEM options? Of course there is a myriad of commercial products out there, such as HP ArcSight and Splunk, but these solutions come with node/GB limitations, can be quite expensive, and of course the ongoing annual costs stack up.

Of course you can go the open source route and use the Elastic stack of Elasticsearch, Logstash and Kibana (ELK) or Cisco OpenStack, but speaking from experience, by the time you have built the plugins, dashboards and parsers needed for a functioning SIEM you’re looking at a year’s worth of development.

Kustodian have done this development for you and built a SIEM on open source Elastic, without the price tag of Shield or Marvel. The free open source version is called SIEMonster. SIEMonster is an enterprise-grade, free, open source, unlimited-use version that comes with all the dashboards, documentation, plugins and incident response tools needed for a functioning SIEM and Security Operations Center (SOC). It will be available to everybody.

The solution can be deployed either onsite in a data centre or in the cloud, such as AWS. It makes it simple for businesses to use open source SIEM technologies without the development headaches, comes with documentation and integration, allows unlimited use, and is affordable, which the other products do not provide.

Have a look at what our first client thought of the solution.

http://www.cso.com.au/article/587763/how-bluescope-cso-saved-big-an-open-source-global-security-operations-centre/