"Smart Line" and RuSIEM have presented a joint solution for the protection of corporate data


Smart Line and RuSIEM have announced the technological integration of their solutions, aimed at making it more efficient to prevent corporate information leaks and analyze incidents.

With the solutions of the two Russian developers integrated, DeviceLock DLP serves the RuSIEM information security event management system as a source of information security events related to user access to peripheral devices, removable drives, printers, and network communication channels.

DeviceLock DLP can send real-time information (alarm alerts) to SIEM systems via SNMP and SYSLOG, and can also duplicate event log records. Such alarm notifications can be created and sent to SIEM systems as a result of both allowed and forbidden attempts to transfer data through various communication channels, write information to removable drives, print documents to local and network printers, transfer data in terminal sessions via the clipboard, and so on.

DeviceLock DLP also allows you to configure alarm notifications that are sent to the SIEM in real time when content analysis detects restricted-access information in transferred files and documents, chats, and e-mail. In addition, SIEM systems can receive information about events directly from the DeviceLock DLP logs.

For the integration of DeviceLock DLP and RuSIEM, the chosen method was to transfer events from DeviceLock DLP agents to RuSIEM via the SYSLOG protocol.

An information security officer using the RuSIEM and DeviceLock bundle will be able to monitor the transfer of corporate information and user actions in real time in conjunction with other information security events processed by RuSIEM, monitor correlations between different types of events, and promptly investigate incidents related to unauthorized actions of employees.

In addition to information from the DLP system, RuSIEM analyzes and displays data from the Intrusion Detection System (IDS), routers, firewalls, servers, and user workstations. The wide scope of incident coverage simplifies the process of identifying intruders in the organization and collecting evidence for official investigations.

"Recently we have noted the increased interest of customers and system integrators in the integration of DeviceLock DLP with solutions of the SIEM class," said Ashot Oganesyan, technical director of DeviceLock. "As a result of integration of our DLP solution with RuSIEM, customers will be able to access mature analysis technologies in a single SIEM event system for a comprehensive range of data channels controlled by DeviceLock DLP."

"Complex analysis of the events intercepted and transmitted by DeviceLock DLP to RuSIEM will allow real-time detection and recording of really important incidents, an operational contextual search for user's network services and all kinds of devices, and analysis of the circle of communication and the movement of critical data in conjunction with the analysis of other information security events, which certainly should improve the efficiency and productivity of the information security services," said Olesya Shelest Islands, CEO of RuSIEM.
