SearchInform SIEM is an out-of-the-box system for collecting and analyzing security events in real time, identifying information security incidents and responding to them. The solution accumulates information from various sources, analyzes it, records incidents and alerts the designated staff, and can be deployed in a few hours.
The SearchInform SIEM reveals:
· Virus epidemics and isolated infections
· Attempts to gain unauthorized access to data
· Account password guessing
· Still-active accounts of dismissed employees that should have been deleted
· Hardware configuration errors
· Operating temperature outside permissible limits
· Data deletion on critical resources
· Use of corporate resources during off-duty hours
· Removal of virtual machines and snapshots
· New equipment connected to the IT infrastructure
· Group policy changes
· TeamViewer usage and other remote access to corporate resources
· Critical events in protection systems
· Errors and failures in information systems
HOW THE SYSTEM WORKS
1. Collects events from various software and hardware sources: network equipment, third-party software, security tools, operating systems.
2. Analyses events and generates incidents in accordance with the rules, detecting threats by identifying relationships (correlations, including cross-correlations) between events and/or incidents.
3. Automatically notifies the employees in charge when incidents occur.
4. Normalises and details incidents for further investigation: determines the type and source of the incident and, when integrated with AD, identifies the user.
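To make steps 2 and 4 concrete, here is an added example (not SearchInform's own code or rule format) of a minimal correlation pass over already-normalized logon events. The event schema, the dismissed-accounts list, the business-hours range and the thresholds are all assumptions constructed for the illustration; the rules mirror three items from the list above: password guessing, active accounts of dismissed employees, and off-duty use of corporate resources.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of normalized logon events (hypothetical schema, not the product's format).
EVENTS = [
    {"time": "2024-03-04T09:00:01", "user": "jdoe",   "action": "logon_failed", "host": "PC-17"},
    {"time": "2024-03-04T09:00:03", "user": "jdoe",   "action": "logon_failed", "host": "PC-17"},
    {"time": "2024-03-04T09:00:04", "user": "jdoe",   "action": "logon_failed", "host": "PC-17"},
    {"time": "2024-03-04T09:00:06", "user": "jdoe",   "action": "logon_failed", "host": "PC-17"},
    {"time": "2024-03-04T09:00:08", "user": "jdoe",   "action": "logon_failed", "host": "PC-17"},
    {"time": "2024-03-04T10:15:00", "user": "asmith", "action": "logon_ok",     "host": "PC-03"},
    {"time": "2024-03-04T23:40:00", "user": "asmith", "action": "logon_ok",     "host": "FS-01"},
    {"time": "2024-03-04T11:02:00", "user": "mwhite", "action": "logon_ok",     "host": "PC-09"},
]
DISMISSED = {"mwhite"}          # constructed HR feed: accounts that should already be deleted
BUSINESS_HOURS = range(8, 19)   # assumed working day 08:00-18:59

def ts(e):
    return datetime.fromisoformat(e["time"])

def rule_password_guessing(events, threshold=5, window=timedelta(minutes=1)):
    """Correlate repeated failed logons per account inside a sliding time window."""
    incidents, recent = [], defaultdict(list)
    for e in sorted(events, key=ts):
        if e["action"] != "logon_failed":
            continue
        recent[e["user"]].append(ts(e))
        # keep only failures that fall inside the window ending at this event
        hits = recent[e["user"]] = [t for t in recent[e["user"]] if ts(e) - t <= window]
        if len(hits) >= threshold:
            incidents.append({"rule": "password_guessing", "user": e["user"], "host": e["host"]})
            hits.clear()   # start a fresh window so one burst yields one incident
    return incidents

def rule_dismissed_account(events):
    """A successful logon by an account on the dismissed list is an incident by itself."""
    return [{"rule": "dismissed_account_active", "user": e["user"], "host": e["host"]}
            for e in events if e["action"] == "logon_ok" and e["user"] in DISMISSED]

def rule_off_hours(events):
    """Successful logons outside the assumed business hours."""
    return [{"rule": "off_duty_access", "user": e["user"], "host": e["host"]}
            for e in events if e["action"] == "logon_ok" and ts(e).hour not in BUSINESS_HOURS]

def correlate(events):
    """Run every rule over the normalized event stream and return the generated incidents."""
    return rule_password_guessing(events) + rule_dismissed_account(events) + rule_off_hours(events)

if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

Each returned incident already carries the rule that fired, the user and the host, which is the minimum an analyst needs to open the investigation described under "Incident management" below.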
Advantages:
· Out-of-the-box analytics: the system comes with a set of ready-made rules that incorporate previous experience of working with companies from all sectors of the economy.
· Incident management: an investigation can be created on the basis of one or more incidents.
· Quick implementation without lengthy pre-configuration (the software can be put into operation in just one day, with immediate results).
· Easy to use: the program can be handled by an employee with no particular IT skills or knowledge of programming languages; neither is required to create correlation and cross-correlation rules.
· Low hardware requirements, transparent licensing and an affordable cost of ownership.