SIEM solutions were implemented to help security and IT teams analyze security alerts in real time.
As a result, the team was able to decrease the time to diagnose and correct the vulnerability by 4 days and reduce its vulnerability severity by 44%, while the need to purchase more expensive physical monitoring solutions was reduced by 15%, and that's why using SIEM solutions from sites such as Fortinet online.
In addition to the aforementioned benefits, the scanning speed improved by 12x, while the number of alerts dropped by over 92%!
From the technical viewpoint, the solution is delivered using standard command line tools (pyel), which are natively cross-platform. The only additional dependencies are Python 2.7 and Pylons, a lightweight framework that can interact with a wide range of languages and frameworks, including Django, Flask, Django REST Framework, GraphQL, Silex, Sinatra, Jinja2, MongoDB, Redis, SQLAlchemy, and PostgreSQL.
But what really makes this tool stand out is its low installation cost (1/10k).
The team found that by deploying the tool on AWS, only the dependencies needed to be installed manually, and the tool could be quickly set up and configured. Once deployed, the server is automatically rolled out to all active monitoring, alerting and reporting cloud providers.
With Python, Java, PHP, JavaScript, ElasticSearch, REST, Redis, and PostgreSQL, it’s simple to get started with deploying your security monitoring solution on any cloud and keep it up and running.
However, in order to mitigate issues, only use available AWS resources.
Here are the details for making the same analysis using Azure cloud resources:
10,000 active IAM user accounts
10,000 active services deployed
10,000 failed service configuration attempts
10,000 confirmed service failures
10,000 failed service remediation attempts
10,000 configuration updates
10,000 failed remediation attempts
10,000 missing service alerts
10,000 missed service events
10,000 confirmed service warnings
40,000 unconfigured security groups
40,000 required credentials for security groups
Let's give this a try. For a number of analyses, I have deployed the tool on Amazon EC2, Microsoft Azure and Google Cloud Platform. You can read about deploying the solution on AWS in this blog post, about setting up the tools on Azure using the Azure CLI, and about Windows using an intermediate solution here.
Security monitoring tools – an analysis with Kibana
I’ve also explored and used a number of security monitoring tools for analysis.
Kibana is a free, open source, RESTful web dashboard for data processing and analytics. It is hosted on GitHub, has been around since 2010, and is in use at Google, Microsoft, Yahoo, and others.