OpenSIEM in the enterprise
OpenSIEM is the heart of the Cyber Security Monitoring, which safeguards the security of the IT infrastructure. The monitoring platform gives you insight into actual threats, into work in progress and into an up-to-date report on the work we carry out.
Implementing OpenSIEM is accompanied by a risk assessment. Its results make it possible to prioritize the issues, so that the most important ones are resolved first.
Depending on the situation, the following additional security modules can be implemented.
Network Intrusion Detection System
Installation of a Network Intrusion Detection System on the LDC.
Endpoint detection & response
Installation on various endpoints such as servers and workstations to monitor changes to files, executables and registry entries.
Next Generation Anti-Virus
Installation on endpoints to protect against various types of malware, by inspecting the content of files and of e-mail.
In many cases, attacks or threats will lead to preventive actions. These are often automated, so that the next time the same type of attack occurs, or the same IP address from which the attack originates appears, it is immediately recognized and blocked. We also call this Intrusion Prevention.
The different components have different ways of prevention. For example, HIDS has the option of "active response", in which the offending IP addresses are blocked. EDR has the ability to block certain software. NGAV can terminate or block processes.
During the implementation there is a "learning period" in which the implemented system must be fed with customer-specific processes.