Security Incident & Event Monitoring
Security Incident & Event Monitoring (MON) is a key aspect of ISO27001/NIST security processes. This requires that log records should be stored and analysed. Most networks can generate billions of events over a short space of time, meaning that it is not feasible to collect and store from everywhere, thus leaving gaps.
Rebasoft not only receives and processes events and alerts in real-time, but also provides context and fast remediation that goes beyond the many SIEM systems available today.
- Does Rebasoft charge on events received?
- How can I detect incidents that are not traditional log based messages?
- How can I track down a device affected by an incident?
- Can Rebasoft automatically remediate incidents it finds?
Used effectively, with the right remediation, Rebasoft can solve security issues quickly, reducing risk and cost. Rebasoft helps where traditional event system cannot; Rebasoft understands the network, all connected systems and all traffic flowing between them. This means that security events can be analysed within the context of knowledge. There is less “noise” – false positives and other non-relevant information generated. It also means that, should it be needed, Rebasoft can take direct action to remediate security issues.
Reporting via a single pane of glass means information for the “C” suite and subject matter experts (SMEs) is seamlessly interwoven. This makes security event analysis more effective, reducing errors and improving time to recover.
MON-1: Logging & Audit
Ensure events are captured from business critical systems and services and stored to support any necessary internal, legal, or compliance investigation and reporting requirements
MON-2: Security Incident Management
Ensure a quick, effective, and orderly response to information security incidents
MON-3: Security Monitoring
Analyse behaviour and correlated against approved business activity