
NeuroDAT SIEM

Product
Developers: Information Security Center (CBI)
Branches: Information security
Technology: Security Information and Event Management (SIEM)

NeuroDAT SIEM is an information security monitoring system that collects information security events from various sources, stores them and analyzes them. The system automates incident response processes and provides a channel through which administrators interact with the employees responsible for remediating violations.

Features

  • Scaling - the system can be scaled to any size and arranged as a hierarchy with a single control center;
  • Autonomy - in normal operation the system sends no data to external systems of the tool's developers;
  • Fully transferable solution - the complete toolkit is handed over to the customer, with no dependency on the vendor for operation;
  • Non-standard event sources - custom sources are connected by developing a specialized connector;
  • Incident management - a built-in, fully functional subsystem for recording and processing incidents, including an automated incident investigation procedure;
  • Health monitoring of external systems that supply events;
  • Import substitution - NeuroDAT SIEM is largely independent of imported technologies and exchange-rate fluctuations, and the software can be refined and adapted at any time to a customer's needs;
  • Intuitive Russian-language interface.

Capabilities

  • investigation of incidents involving specific users and hosts;
  • monitoring of user actions in near real time;
  • filtering of events from various sources at system ingress (discarding large volumes of "noise" events before they are stored);
  • technical support for the system, with the option of accelerated development of additional functionality;
  • a mature incident management mechanism;
  • a wide range of metrics and indicators of the effectiveness of incident handling processes;
  • predefined event correlation rules (mappings);
  • collection and centralized processing of information;
  • integration and storage of events in a normalized form in a single data warehouse;
  • automated generation of various types of information security incidents based on analysis and correlation (comparison) of events coming from different sources;
  • collection of all events about running processes from workstations and servers;
  • network inventory;
  • mechanisms for monitoring the health of the systems that supply information to NeuroDAT SIEM;
  • visualization of computer attacks on a scalable geo-information map;
  • periodic network security analysis;
  • compliance assessment;
  • built-in mechanisms for automating response procedures for various types of incidents.

2018

Integration with invGUARD

Inoventica Technologies (Inoventica Group) and the Information Security Center (CBI) completed the integration of the invGUARD network attack protection system and the NeuroDAT SIEM information security monitoring system in March 2018.

2017

Integration with Solar Dozor

Solar Security and the Information Security Center completed the integration of the Solar Dozor DLP solution and the NeuroDAT SIEM information security monitoring system in early November 2017. Within the framework of technological cooperation, an interaction scheme between the two solutions was implemented that enriches NeuroDAT SIEM with incident information from Solar Dozor.

Integration with InfoWatch Traffic Monitor

The InfoWatch group of companies and the Information Security Center (CBI) entered into a technological cooperation agreement in early September 2017. As part of the partnership, the two companies made the InfoWatch Traffic Monitor solution, which prevents leaks of confidential information and protects businesses from internal threats, work together with the NeuroDAT SIEM information security monitoring system.

InfoWatch Traffic Monitor captures all events on workstations and corporate mobile devices, detects confidential documents in the data stream and determines whether an organization's security policies have been violated, and blocks unauthorized actions by employees. As a result of solution integration, data processed in the InfoWatch Traffic Monitor DLP system becomes available for analysis in the NeuroDAT SIEM system.

During the integration, a connector was developed that provides the transmission of events registered by the DLP system to NeuroDAT SIEM using the Syslog protocol. Events are transmitted in a near-real-time mode, allowing information security personnel to respond instantly to incidents related to internal threats.

In NeuroDAT SIEM, all events are automatically categorized and displayed in a single console, which facilitates the day-to-day work of system administrators.

In addition to information from the DLP system, the joint solution's SIEM console also displays data from antivirus protection tools, intrusion detection systems (IDS) for the organization's computer infrastructure, routers, firewalls, servers and user workstations. This broad incident coverage allows the information security service of an organization using the SIEM system not only to quickly identify distributed attacks by correlating DLP information with data from other security tools, but also to block targeted attacks aimed at stealing confidential information, InfoWatch emphasized.

Integration with Continent

On August 28, 2017, the Security Code company announced the integration of the Continent attack detector and the NeuroDAT SIEM information security monitoring system developed by the Information Security Center. The combined solution allows security personnel to detect potential threats in a timely manner by consolidating all information security events into a single repository.

Compatibility testing of Continent and NeuroDAT SIEM was carried out on a dedicated segment of the organization's corporate network with an Internet connection. During the integration, CBI specialists developed a connector for receiving security event data over the Syslog protocol, together with rules for registering incidents based on events recorded by the Continent attack detector. Overall, the joint solution offers ample scope for fine-tuning the incident registration rules applied to data from the Continent attack detector and from the third-party security tools supported by NeuroDAT SIEM.
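The InfoWatch and Continent integrations above both describe the same pattern: a connector that receives vendor events over Syslog, normalizes them into the SIEM's event model, and then applies incident registration rules to the normalized stream. The following is an added example illustrating that pattern; it is not NeuroDAT SIEM code, nor any vendor's connector. The RFC 5424 message layout with key="value" pairs in the message body, the sensor names (dlp-sensor, ids-sensor), the message IDs (DLP_VIOLATION, IDS_ALERT) and the rule thresholds are all assumptions chosen for the illustration, and the log lines are constructed.

```python
"""
Illustrative SIEM connector (added example, not NeuroDAT SIEM or vendor code):
1. parse RFC 5424 syslog lines from a DLP and an IDS sensor,
2. discard lines that do not parse (ingress filtering of "noise"),
3. normalize into a flat event dict,
4. register incidents with two simple rules (threshold and severity).
Message layout, sensor names and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<app>\S+)\s+(?P<procid>\S+)\s+(?P<msgid>\S+)\s+"
    r"(?P<sd>-|(?:\[.*?\])+)\s*(?P<msg>.*)$"
)
# key="value" pairs in the free-text MSG part (assumed sensor format)
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_syslog(line):
    """Return a normalized event dict, or None if the line is not RFC 5424."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # dropped at ingress: not a syslog message we understand
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    fields = dict(KV_RE.findall(m["msg"]))
    return {
        "facility": pri // 8,
        "severity": pri % 8,  # 0 = emergency ... 7 = debug
        "time": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
        "host": m["host"],
        "source": m["app"],
        "category": m["msgid"],
        **fields,
    }


def register_incidents(events, threshold=3, window_s=600):
    """Apply incident registration rules to normalized events.

    Rule 1: `threshold` DLP policy violations by one user within `window_s`
            seconds register a data-leak-attempt incident.
    Rule 2: any IDS alert with syslog severity critical or worse (<= 2)
            registers a network-attack incident immediately.
    """
    incidents = []
    violations = defaultdict(list)  # user -> timestamps inside the window
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["category"] == "DLP_VIOLATION":
            user = ev.get("user", "unknown")
            hist = violations[user]
            hist.append(ev["time"])
            # slide the window: forget violations older than window_s
            while (ev["time"] - hist[0]).total_seconds() > window_s:
                hist.pop(0)
            if len(hist) >= threshold:
                incidents.append({"type": "data_leak_attempt", "user": user,
                                  "count": len(hist), "last": ev["time"]})
                hist.clear()  # do not re-fire on every following event
        elif ev["category"] == "IDS_ALERT" and ev["severity"] <= 2:
            incidents.append({"type": "network_attack", "host": ev["host"],
                              "src": ev.get("src"), "last": ev["time"]})
    return incidents


def run_connector(lines):
    """Ingest raw syslog lines; return (normalized events, incidents)."""
    events = [e for e in (parse_syslog(l) for l in lines) if e]
    return events, register_incidents(events)


# Constructed sample input (facility local4 = 20; 164 = warning, 162 = critical,
# 166 = informational). Not real vendor output.
SAMPLE_SYSLOG = [
    '<164>1 2017-11-02T10:00:00Z dlp01 dlp-sensor 4321 DLP_VIOLATION - user="ivanov" policy="PCI" action="block" file="cards.xlsx"',
    '<164>1 2017-11-02T10:03:00Z dlp01 dlp-sensor 4321 DLP_VIOLATION - user="ivanov" policy="PCI" action="block" file="cards2.xlsx"',
    '<164>1 2017-11-02T10:04:30Z dlp01 dlp-sensor 4321 DLP_VIOLATION - user="ivanov" policy="PCI" action="block" file="cards3.xlsx"',
    '<164>1 2017-11-02T10:05:00Z dlp01 dlp-sensor 4321 DLP_VIOLATION - user="petrov" policy="HR" action="notify" file="salary.docx"',
    '<162>1 2017-11-02T10:06:00Z ids01 ids-sensor 77 IDS_ALERT - src="203.0.113.7" dst="10.0.0.5" sig="ssh-bruteforce"',
    'this is not a syslog message at all',
    '<166>1 2017-11-02T10:07:00Z fw01 kernel - INFO - heartbeat',
]

if __name__ == "__main__":
    evs, incs = run_connector(SAMPLE_SYSLOG)
    print(f"{len(evs)} events normalized, {len(incs)} incidents registered")
    for inc in incs:
        print(inc)
```

On the constructed sample, six of the seven lines normalize (the non-syslog line is dropped at ingress), three violations by one user within ten minutes register one data-leak incident, and the critical IDS alert registers a second one. In a real deployment the key="value" extraction would be replaced by the sensor's documented export format, and the rules would live in configuration rather than code, but the ingest-normalize-correlate split is the part that carries over.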