The diverse nature of modern enterprise business processes and the security challenges that come with them require a real-time protection system. Comprehensive protection against potential threats calls for a variety of security tools: firewalls, antivirus software, anti-spam systems, intrusion detection systems, security scanners, data leak prevention tools, and more. As the number of security tools grows, however, so does the volume of information that IT specialists must process to make decisions. The time operators spend analyzing the events received from all of these sources, in order to make adequate decisions in response to detected attacks, grows with it.

We offer:

Design and implementation of SIEM systems. To make decision-making in response to security-related events more effective, it is recommended to use specialized monitoring systems that automate the collection and analysis of information from the various security tools. Such monitoring systems are known by the abbreviation SIEM (Security Information and Event Management).

Modern SIEM systems process security events in six main stages: filtration, aggregation, normalization, collection, correlation, and visualization. During the filtration stage, the system discards events that are not directly related to information security.

Aggregation allows for the removal of repetitive events that describe the same incident.

Filtering and aggregation significantly reduce the volume of information processed by the monitoring system (with proper planning, the volume of information can be reduced by 5-10 times).

During the normalization stage, events from different sources are brought into a single message format. The normalized events from the various systems and agents are then transmitted to a centralized event store. The collected messages are processed by correlation mechanisms based on statistical methods and on expert-system style rules. Finally, the SIEM system presents the results on a centralized console that operates in real time.
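The six stages described above, carried through on constructed sample events, as an added example that is not part of the original page or of any listed vendor's product. The hostnames, the sshd and firewall line formats, the RFC 5737 test addresses, and the correlation rule (three or more failed logins followed by a successful login from the same source within five minutes) are assumptions chosen for illustration; the "central store" is simply a time-ordered list.

```python
"""Minimal SIEM pipeline: filter -> aggregate -> normalize -> collect -> correlate -> report."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical hosts and RFC 5737 test addresses, not real logs).
RAW_EVENTS = [
    "2024-01-15T10:00:01 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2024-01-15T10:00:01 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2024-01-15T10:00:02 host1 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "2024-01-15T10:00:04 host1 sshd[1202]: Failed password for admin from 203.0.113.7 port 50123 ssh2",
    "2024-01-15T10:00:06 fw01 kernel: ALLOW IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "2024-01-15T10:00:09 host1 sshd[1203]: Failed password for admin from 203.0.113.7 port 50124 ssh2",
    "2024-01-15T10:00:15 host1 sshd[1204]: Accepted password for admin from 203.0.113.7 port 50125 ssh2",
    "2024-01-15T10:01:00 host2 sshd[2001]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
    "2024-01-15T10:02:00 host1 systemd[1]: Started Daily apt download activities.",
]

NOISE = re.compile(r" (CRON|systemd)\[\d+\]: ")


def filter_events(lines):
    """Stage 1 (filtration): drop events with no security relevance (here: cron/systemd chatter)."""
    return [line for line in lines if not NOISE.search(line)]


def aggregate_events(lines):
    """Stage 2 (aggregation): collapse exact repeats into one event carrying a count."""
    counts = Counter(lines)
    seen, out = set(), []
    for line in lines:  # keep first-seen order
        if line not in seen:
            seen.add(line)
            out.append((line, counts[line]))
    return out


# Assumed source formats: OpenSSH-style auth lines and a netfilter-style firewall line.
SSHD = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
FW = re.compile(r"^(\S+) (\S+) kernel: (ALLOW|DROP) .*SRC=(\S+) DST=(\S+) .*DPT=(\d+)")


def normalize(line, count):
    """Stage 3 (normalization): map source-specific text onto one schema; None if unparsed."""
    m = SSHD.match(line)
    if m:
        ts, host, outcome, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "type": "auth",
                "outcome": "fail" if outcome == "Failed" else "success",
                "user": user, "src": src, "count": count}
    m = FW.match(line)
    if m:
        ts, host, action, src, dst, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "type": "fw",
                "outcome": action.lower(), "user": None, "src": src, "count": count}
    return None


def collect(lines):
    """Stage 4 (collection): run stages 1-3 and place the result in a time-ordered central store."""
    store = [normalize(line, c) for line, c in aggregate_events(filter_events(lines))]
    return sorted((e for e in store if e), key=lambda e: e["ts"])


def correlate(store, threshold=3, window=timedelta(minutes=5)):
    """Stage 5 (correlation): rule 'threshold failed logins, then a success, same source, in window'."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failures (expanded by aggregation count)
    for e in store:
        if e["type"] != "auth":
            continue
        if e["outcome"] == "fail":
            failures[e["src"]].extend([e["ts"]] * e["count"])
            continue
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_success", "src": e["src"], "user": e["user"],
                           "host": e["host"], "failures": len(recent), "ts": e["ts"]})
    return alerts


def report(alerts):
    """Stage 6 (visualization): the operator console, reduced here to plain text lines."""
    return "\n".join(f"[{a['ts']:%H:%M:%S}] {a['rule']} src={a['src']} user={a['user']} "
                     f"host={a['host']} failures={a['failures']}" for a in alerts)


if __name__ == "__main__":
    print(report(correlate(collect(RAW_EVENTS))))
```

Note what each stage buys: filtration removes two of the nine lines and aggregation folds the duplicate, so only six events reach the store; normalization is what lets a single rule reason about sshd and firewall events through the same `src` field; and the correlation rule fires once (four failures, then a success, from 203.0.113.7) while the lone failure from 198.51.100.9 produces no alert. Shrinking the window or raising the threshold shows how rule tuning trades sensitivity for noise.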

SIEM lets security administrators concentrate on real threats and respond to them promptly.

Beyond event reporting, modern SIEM systems can inventory network assets, identify their vulnerabilities, manage the remediation of the vulnerabilities found, and determine threat levels and potential risks. These capabilities turn the SIEM into a unified cybersecurity control console that not only records cyber incidents but also identifies their causes, possible remedies, and who is responsible for addressing them.

Our Projects:

SNT Ukraine has successfully implemented a range of projects in this area, including those for Raiffeisen Bank Aval and PRAVEX-BANK.

Our Partners:

SNT Ukraine's solutions are based on products from manufacturers such as ArcSight (HP), Symantec, IBM, Alien Vault, and GFI.