
NeuroDAT SIEM

Product
Developers: Center of Security of Information (CSI)
Technology: Cybersecurity - Security information and event management (SIEM)


NeuroDAT SIEM is an information security monitoring system that collects, accumulates and analyzes information on cybersecurity events from different sources. The system automates incident response processes and supports interaction between administrators and the employees responsible for remediating violations.

Specific Features

  • Scaling — arbitrary scaling and hierarchical organization of the system, with a single command center;
  • Autonomy of the solution — operation does not involve sending information to external systems of the tool developers;
  • Alienability of the solution — a fully alienable toolset is implemented;
  • Support for non-standard event sources — non-standard event sources are connected by developing a specialized connector;
  • Incident management — a built-in, full-featured subsystem for registering and handling incidents. Incident investigation procedures are automated;
  • Health checks of the external systems that supply events;
  • Import substitution — NeuroDAT SIEM provides substantial independence from imported technologies and from fluctuations in world currency exchange rates, and the software can be extended and adapted to the needs of a potential customer at any time;
  • Intuitive Russian-language interface.

Features

  • investigation of incidents involving specific users and hosts;
  • monitoring of user actions in near real time;
  • filtering of events from different sources on login (removal of mass "garbage");
  • technical support of the system, with the option of accelerated development of additional functionality;
  • a mature mechanism for managing incident handling;
  • a broad range of metrics and performance indicators for incident-handling processes;
  • preset event correlation (comparison) rules;
  • centralized collection and processing of information;
  • integration and storage in normalized form in a single data warehouse;
  • automated creation of different types of cybersecurity incidents based on analysis and correlation (comparison) of events arriving from different sources;
  • collection of all events about started processes from workstations and servers;
  • network inventory;
  • mechanisms for health checks of the systems that supply information to NeuroDAT SIEM;
  • visualization of computer attacks on a scalable geoinformation base;
  • periodic network security analysis;
  • assessment of compliance with security requirements (compliance);
  • built-in mechanisms for automating the execution of response procedures for different types of incidents.

2018

Integration with invGUARD

In March 2018, Inoventica Technologies (Inoventica group) and "Center of Security of Information" (CSI) completed the integration of the invGUARD network attack protection system with the NeuroDAT SIEM information security monitoring system.

2017

Integration with Solar Dozor

At the beginning of November 2017, Solar Security and Center of Security of Information completed the integration of the Solar Dozor DLP solution with the NeuroDAT SIEM information security monitoring system. As part of the technology cooperation, an interaction scheme between the solutions was implemented that enriches NeuroDAT SIEM with information on incidents from Solar Dozor.

Integration with InfoWatch Traffic Monitor

At the beginning of September 2017, the InfoWatch group and Center of Security of Information (CSI) signed a technology cooperation agreement. As part of the partnership, InfoWatch Traffic Monitor, a solution for preventing leaks of confidential information and protecting business against internal threats, was made able to work jointly with the NeuroDAT SIEM information security monitoring system (ISMS).

InfoWatch Traffic Monitor records all events at workstations and corporate mobile devices, identifies confidential documents in the data stream, detects violations of the organization's security policies and blocks unauthorized actions by employees. As a result of the integration, data processed in the InfoWatch Traffic Monitor DLP system becomes available for analysis in NeuroDAT SIEM.

During the integration, a connector was developed that transfers the events registered by the DLP system to NeuroDAT SIEM over the Syslog protocol. Events are transferred in near real time, which allows information security staff to react immediately to incidents related to internal threats.

In NeuroDAT SIEM, all events are automatically categorized and displayed in a single console, which simplifies the daily work of system administrators.

In addition to information from the DLP system, the SIEM console in the joint solution also displays data from antivirus protection tools, the intrusion detection system (IDS) in the organization's computer infrastructure, routers, firewalls, servers and user workstations. This broad coverage of incidents allows the organization's information security service, using the SIEM system, not only to quickly detect distributed attacks by correlating information from the DLP solution with other protection tools, but also to block targeted attacks aimed at stealing confidential information, InfoWatch emphasized.

Integration with APKSh "Continent"

On August 28, 2017, the Code of Security company announced the integration of the Continent attack detector with the NeuroDAT SIEM information security monitoring system developed by Center of Security of Information. The combined solution allows security service specialists to detect potential threats in a timely manner by consolidating all cybersecurity events in a single storage.

Compatibility testing of APKSh "Continent" and NeuroDAT SIEM was carried out on a dedicated segment of an organization's corporate network connected to the Internet. During the integration, TsBI specialists developed a connector for receiving security event data over the Syslog protocol, as well as rules for registering incidents based on the events registered by APKSh "Continent". Overall, the joint solution offers ample scope for fine-tuning incident registration rules based on data received from APKSh "Continent" and from third-party information security tools supported by NeuroDAT SIEM.