Security Intelligence Systems
ELM or SIEM Services
(ELM is Enterprise Log Management and SIEM is Security Information and Event Management…for the uninitiated)
Data Engines offer clients a fully secured, offsite hosted solution to ELM and/or SIEM requirements. We operate a multi-tenant platform with full log/event data encryption from the Equinix data centre facility in Mascot, Sydney.
Clients have the option of bringing their own HP ArcSight or Splunk licensing entitlements or utilising more flexible subscription-based license arrangements handled by Data Engines on their behalf.
This offering is not a generic, cookie-cutter approach. We do not force customers into a use model, let alone a security monitoring/alerting model. Each organisation has access to its own, fully fledged security intelligence platform and may also choose how its information is handled. Log/event data can be sent directly to the hosted environment via secured VPN tunnels and retained indefinitely. Alternatively, some organisations prefer to send their log/event data both to a local on-premises repository and to the hosted environment; in the hosted environment the data is parsed, processed and correlated and then discarded, with any relevant security events retained and actioned appropriately.
Data Engines can also provide curated, third-party intelligence feeds into clients' systems while allowing clients to maintain their own feeds. In some cases this service is provided at no cost to the client if they are prepared to share anonymised security event data from their environment. This can become quite powerful in the face of targeted threat actors looking at specific industry or technology verticals. Leveraging external data sources is a common wish-list item for our clients, and via this service much of the legwork has already been performed.
This offering is not intended to replace the security operations function for clients; Data Engines do not operate a security operations centre. If required, Data Engines consultants can assist clients in planning for and responding to incident detections as an adjunct to existing staff resources.
Information Security Controls
The network is still the most exploited and exploitable vector for which organisations need to implement security controls. Even though in many cases the ultimate manifestation of a breach may appear in an unpatched application or operating system, the network is the critical path in all phases of the kill chain. Data Engines provide expert design and operational advice on advanced firewall and intrusion detection/prevention systems. Such systems, utilised properly, should provide:
- Deep visibility and data regarding network traffic at all times
- Access to and ability to leverage a wide range of external intelligence sources
- Sophisticated rules engines that can block or otherwise direct network traffic in high volumes without normal service disruption
- Capability to look back at events and traffic flows to help remediate the network state if required.
Although often accessed via networks, software applications themselves are a significant attack vector for many larger organisations. There are many ways vulnerabilities can come to exist in applications: they may arise from errors or omissions in coding, from the use of open source or other third-party modules (software supply chain risk), or in the business/transactional logic inherent in how an application functions. Data Engines advocates the use of code analysis tools, in either a static or a dynamic fashion according to need.
While possibly not a vector in and of itself, the use or misuse of identity in the broadest computing sense (from root through to identity established via third-party certificates) constitutes a significant threat to the security of IT operations. Tracing identity across operating systems and application stacks is difficult, but it is also crucial to identifying potential misuse, corruption or manipulation of identity stores. Identity provides access to data, and data is at the heart of the majority of security operations; a robust identity control strategy should protect information assurance by guaranteeing:
- Non-repudiation