A common approach in corporate IT departments is to analyze the audit trails and security events of each technology individually and separately. The need to correlate these events has become apparent as more sophisticated attacks span different technologies. Out of this need to understand security events, the Security Event Management (SEM) solution was developed as the next step in security event data mining.
An SEM solution takes captured information from different technologies, analyzes it and produces human-readable output. It allows users to better analyze, correlate and mine security events generated by different technologies.
This service conforms to key components of many compliance regulations such as PCI-DSS, Sarbanes-Oxley (SOX), Canadian Securities Administrators' (CSA) MI 52-109 and ISO27002. Our SEM Service offers high-value expert analysis provided by information security specialists.
RSS Inc. provides an outsourced SEM managed service for clients who do not have the internal resources or expertise to operate the solution. Companies faced with this challenge turn to us for help with security event correlation and analysis.
Solution Benefits
The immediate benefit to an organization is broader insight into the security events generated by different technologies. The organization can use this information to detect abnormalities or unauthorized occurrences. An SEM solution is an integral and crucial part of corporate Security Risk Management. It reduces risk by identifying problems quickly, traversing different technologies at once. SEM will provide mature automation controls in the implementation of governance frameworks such as COBIT and ITIL.
The analysis of detected abnormalities or unauthorized occurrences on targeted assets will be used to prioritize the response. It draws on the solution's trending and correlation ability and focuses on the risks arising from security events through monitoring of critical assets, internal compliance, reporting and incident handling. The SEM solution also serves as a real-time forensic analysis tool. The outcome of the comprehensive analysis will be presented in different reports, ensuring corporate compliance with industry, legislative and regulatory standards and/or requirements.
The information contained within these reports will be analyzed and mitigation steps will be proposed to the client. The mitigation steps presented will address the immediate concern of the ongoing suspicious activities.
The RSS Inc. team will provide mid- and long-term preventative steps in order to mitigate future incidents.
Solution Deliverables
The SEM service is a complete solution of software, hardware and services, providing our clients with assurance that their security events are being continuously reviewed for information security issues. The service provides proactive analysis to isolate real security threats from false alarms. The solution also provides professional assistance in detecting and managing security incidents.
The solution encompasses the following deliverables:
Professional assistance in selecting, architecting and implementing the SEM solution
Professional assistance in configuring devices and logging levels
Establishing secure delivery path for client security events
7×24 proactive monitoring
Identifying security events using internally developed scripts and techniques
Interpreting audit trails or logs
Event correlation analysis
Investigation
Security Alert Response Service
Reports
Storing security events
Actionable and Pragmatic Recommendations