SIEM-as-a-Service (SIEMaaS)

Stratejm’s Security-as-a-Service (SIEMaaS) provides discovery-driven, real-time situational awareness to security logs, resulting in quick IT response. The awareness comes from creating a dynamic usage profile of infrastructure assets, current configurations, recent changes, dynamic asset-to-business service mappings, user discovery from Active Directory and OpenLDAP databases, etc.

We enrich the data through the use of continuously updated external threat intelligence sources in the form of IP reputation, domain reputation, malware user agent and malware hashes. The situational awareness is appended to logs and enables the rule engine to correlate the information in real-time to generate accurate Actionable Intelligence (AI) alerts and reports.

Stratejm’s SIEMaaS has been purpose built within our secure multi-tenant Canadian cloud. The solution offers customers:

  • Real Time Event Correlation
  • Advanced Log Management
  • Collect, Parse, Correlate from Anywhere
  • Machine Data Search
  • Big Data Analytics
  • Visual Analytics
  • Compliance Automation
  • Advanced Threat Management

Real Time Event Correlation

Stratejm’s SIEMaaS offers powerful event correlation for connecting patterns of events over time across ALL IT domains. Bad behavior in machine data can be encoded in rules.

Advanced Log Management

Stratejm’s SIEMaaS stores the original raw log messages, parsed attributes and enhanced data elements. Real time or historical data can be purged, archived and trended over time. Searches can be simple or complex using regular expression or structured SQL-like query statement. There is no system limitation on the amount of data that can be processed or stored within Stratejm’s Secure Cloud.

Stratejm delivers a robust, scalable log management solution offering:

  • Mainstream device support
  • Event source monitoring
  • Event log and network flow data consolidation
  • Comprehensive, extensible analytics
  • Network, virtualization and application intelligence
  • Identity and location intelligence
  • Configuration and configuration change monitoring
  • Database security, availability and anomalous activity monitoring
  • Powerful, layer 7 rules engine
  • Real-time and historical cross-correlation
  • Prioritized, valid security incidents with correlated and raw details
  • Dynamic dashboards, topology maps and notification
  • Real-time and long-term search with web-like query and iterative filtering
  • Directory service integrated and custom asset and user grouping
  • Compliance and standards-based reports
  • Optimized event repository
  • Event log data integrity secured by HMAC
  • Unlimited online data retention
  • As-needed performance and coverage capacity

Collect, Parse, Correlate from Anywhere

Supporting multi-vendor device sources and advanced parsing technology, Stratejm’s SIEMaaS can collect, parse, correlate and store logs from virtually all IT infrastructure sources. Our SIEMaaS automatically interprets the device type and how to process the event logs as they are received.

Machine Data Search

No matter the data type, whether performance metrics, database logs, security logs or configuration changes, Stratejm’s SIEMaaS pre-processes all data into searchable events.

Stratejm’s SIEMaaS allows both Google-like keyword and regular expression based searches on unstructured machine data in addition to field-based searches on structured machine data. Searches can be executed in real-time on streaming data or on stored historical data. Discovered CMDB objects can be utilized to help facilitate search conditions to narrow results.

Big Data Analytics

Stratejm’s SIEMaaS is built on an agile Hadoop cluster that’s designed to achieve performance-driven big data analytics. There is no limit to the amount of data Stratejm’s SIEMaaS is able to ingest and crunch.

Visual Analytics

Visual Analytics generates actionable insights from events and logs processed by Stratejm’s SIEMaaS. This allows customers the ability to interact with their data in powerful new ways that make it easy to communicate the value of security and performance monitoring to executives, customers, and business units. Using this information, customers are able to turn performance metrics into answers needed to understand cost of service delivery and which user behaviors most impact external threat vulnerability.

Compliance Automation

Stratejm’s SIEMaaS features full log aggregation, real-time event correlation and online data retention. We have developed customized rules and reports mapped to leading management and SOX, PIPEDA, HIPAA, COBIT and PCI DSS compliance standards.

By incorporating an up-to-date fully automated CMDB, statistical profiling and true identity binding for complete access records, Stratejm automates audit and control processes. Our compliance engine automates the enforcement of IT controls and problem resolution. This ensures that compliance becomes part of daily operations; not another time consuming managed project.

Advanced Threat Management

Advanced Threat Management is achieved from a combination of Stratejm’s SIEMaaS’ robust features including:

  • Analysis of security devices
  • sFlow & NetFlow Data
  • CMDB classifications
  • Statistical anomaly detection
  • CPU, Disk, Memory and Network Performance Monitoring
  • Threat feeds & advanced rules