The Huntsman Enterprise SIEM security monitoring software is the cornerstone of the highly regarded, defence-grade Huntsman Security Platform. Built for accurate, high-speed threat detection, its Security Analytics capability gives you the support you need to protect your business.
The Huntsman Enterprise SIEM:
- Shortens the time from threat detection to resolution
- Automates the collection of contextual information relating to a threat
- Speeds up the investigative process
- Delivers precise security information to operations, management and audit stakeholders.
The Huntsman Enterprise SIEM is a fully featured security monitoring and compliance solution that supports the entire security management lifecycle – from data collection, threat detection and alert analysis, to reporting, incident response and resolution. It features:
- Real-time collection and analysis of log, event and system data
- Highly flexible architecture that supports high-volume data flow
- Clear security intelligence displays for ease of data driven investigation
- Integrated incident management capabilities to investigate, escalate and resolve potential threats
- Role-based access controls and audit trails with evidential replays of all activities.
Flexible data collection
- High-speed, real-time, stream-based processing, correlation and alerting engine to detect non-compliant activity
- Flexible sensor collection including syslog, event logs, file-based, XML, database query, and network flow data
- Scalable data model – allowing multiple live/accessible repositories and unlimited off-line storage.
Huntsman Enterprise SIEM is designed to collect and analyse data from all types of sensors and sources, mainstream and bespoke, including:
• All major operating system platforms – including legacy versions and variants
• Databases and application platforms
• Storage devices
• All major firewall platforms, proxies and web/mail/content network gateways
• Antivirus servers, email security, endpoint detection, malware detection and sandbox solutions/gateways
• Network infrastructure components – routers, switches, wireless, load balancers, NAC, VPNs, DNS etc.
• Intrusion detection and prevention systems (IDS/IPS)
• Packet capture solutions
• Endpoint/host security solutions, including DLP
• Common cloud providers (IaaS/PaaS/SaaS)
• IAM/IDM, authentication and PAM systems
• Vulnerability scanners and configuration management
• Ticketing and service desk systems (including two way integration)
• Threat Intelligence feeds (various)
The RegEx interface allows any other source, including in-house/bespoke applications and data sets, to be onboarded by defining patterns that extract the relevant fields from the raw records (this can be done by the vendor or by the customer, as full training is provided). Both structured and unstructured data are supported.
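To make the regex-onboarding idea concrete, the following is an added example (not Huntsman's parser, and not its regex syntax): two constructed log formats, a bespoke application log and an sshd syslog line, are mapped by named-group patterns onto one common event schema, and any line no pattern matches is kept as an "unstructured" record rather than dropped. The log lines, field names and the assumed year for the year-less syslog timestamp are all constructed for this example.

```python
import re
from datetime import datetime, timezone

# Added example: regex-driven normalisation of bespoke log sources into a
# common schema. Formats, patterns and sample lines are constructed for
# illustration; they are not Huntsman's parser definitions.

SOURCE_PATTERNS = [
    # Hypothetical in-house application log: key=value pairs after an ISO timestamp.
    ("bespoke_app", re.compile(
        r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+"
        r"app=(?P<app>\S+)\s+user=(?P<user>\S+)\s+"
        r"src=(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
        r"action=(?P<action>\S+)\s+result=(?P<outcome>\S+)"
    )),
    # OpenSSH authentication lines as they appear in syslog (no year in the stamp).
    ("syslog_sshd", re.compile(
        r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
        r"(?P<outcome>Accepted|Failed)\s+password\s+for\s+(?:invalid user\s+)?"
        r"(?P<user>\S+)\s+from\s+(?P<src_ip>\S+)\s+port\s+\d+"
    )),
]

# Vendor-specific result words collapsed to a single vocabulary.
OUTCOME_MAP = {
    "ok": "success", "success": "success", "accepted": "success",
    "denied": "failure", "fail": "failure", "failed": "failure",
}


def _parse_timestamp(ts: str, assumed_year: int) -> str:
    """Return an ISO-8601 UTC string. Syslog stamps carry no year, so the
    caller supplies one explicitly instead of silently assuming 'now'."""
    ts = " ".join(ts.split())  # collapse the double space in 'Mar  7'
    if ts.endswith("Z"):
        dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    else:
        dt = datetime.strptime(f"{assumed_year} {ts}", "%Y %b %d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).isoformat()


def normalise(line: str, assumed_year: int = 2024) -> dict:
    """Map one raw line onto who/what/where/when fields, or keep it as an
    unstructured record so that unparsed data is visible, not lost."""
    for source, pattern in SOURCE_PATTERNS:
        m = pattern.match(line)
        if not m:
            continue
        f = m.groupdict()
        return {
            "source": source,
            "when": _parse_timestamp(f["ts"], assumed_year),
            "who": f["user"],
            "where": f["src_ip"],
            # sshd lines carry no explicit action field; label them as logins.
            "what": f.get("action") or "ssh_login",
            "outcome": OUTCOME_MAP.get(f["outcome"].lower(), "unknown"),
        }
    return {"source": "unstructured", "raw": line.strip()}


def normalise_all(lines) -> list:
    return [normalise(line) for line in lines]


# Constructed sample input (not real log data).
SAMPLE_LINES = [
    "2024-03-07T10:15:02Z app=payroll user=alice src=10.1.2.3 action=login result=ok",
    "2024-03-07T10:15:30Z app=payroll user=alice src=10.1.2.3 action=export_report result=denied",
    "Mar  7 10:16:01 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2",
    "Mar  7 10:16:05 web01 sshd[4121]: Accepted password for bob from 198.51.100.7 port 51240 ssh2",
    "free-form note: nightly backup completed",
]

if __name__ == "__main__":
    for event in normalise_all(SAMPLE_LINES):
        print(event)
```

The fallback record matters in practice: a pattern that silently discards non-matching lines hides exactly the bespoke or malformed events an analyst later needs, so counting "unstructured" records per source is a cheap check that a newly onboarded pattern actually covers the feed.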
- Tracking of multiple concurrent alerts across multiple sources
- File and directory integrity monitoring for ad hoc or scheduled reporting
- Passive ICT asset mapping to trace threats and prioritise potential business risks.
- Prioritised alerts for immediate intervention or automated dynamic response
- Immediately answers the key questions ‘who, what, where, when and how’
- Comprehensive alert tracking and incident management with automated workflow support, case data management, and reporting for incident resolution
- Integration with third-party ticketing, SNMP/network management, API access and incident remediation solutions.
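The "tracking of multiple concurrent alerts across multiple sources" and "prioritised alerts" points above describe stream correlation. The following is an added example of that technique, not the Huntsman correlation engine: a small stateful correlator consumes already-normalised events from several feeds, keeps a sliding window of failed logins per source address, raises a medium-priority alert when the window crosses a threshold, and escalates it to high priority if a successful login from the same address follows. The event schema, the threshold, the window length and the sample events are constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Added example: stream correlation with prioritised alerts. Thresholds, the
# event schema and the sample events are constructed for illustration; this
# is not the Huntsman correlation engine.


class Correlator:
    """Tracks failed logins per source address across all feeds inside a
    sliding time window and keeps one open alert per address."""

    def __init__(self, threshold: int = 3, window_s: int = 300):
        self.threshold = threshold
        self.window_s = window_s
        self.failures = defaultdict(deque)  # where -> deque of (time, who, source)
        self.open_alerts = {}               # where -> alert dict still being tracked

    def _expire(self, ip: str, now: datetime) -> None:
        q = self.failures[ip]
        while q and (now - q[0][0]).total_seconds() > self.window_s:
            q.popleft()

    def _summary(self, ip: str):
        q = self.failures[ip]
        who = list(dict.fromkeys(e[1] for e in q))      # ordered, de-duplicated
        sources = list(dict.fromkeys(e[2] for e in q))
        return len(q), who, sources

    def ingest(self, ev: dict) -> list:
        """Feed one normalised event; return any alerts raised or escalated."""
        now = datetime.fromisoformat(ev["when"])
        ip = ev["where"]
        self._expire(ip, now)
        raised = []
        if ev["outcome"] == "failure":
            self.failures[ip].append((now, ev["who"], ev["source"]))
            count, who, sources = self._summary(ip)
            if count >= self.threshold:
                alert = self.open_alerts.get(ip)
                if alert is None:
                    alert = {
                        "priority": "medium",
                        "title": "Repeated failed logins",
                        "where": ip,
                        "first_seen": self.failures[ip][0][0].isoformat(),
                    }
                    self.open_alerts[ip] = alert
                    raised.append(alert)
                # Keep the open alert current as further failures arrive.
                alert.update(count=count, who=who, sources=sources, last_seen=ev["when"])
        elif ev["outcome"] == "success" and ip in self.open_alerts:
            alert = self.open_alerts.pop(ip)
            self.failures[ip].clear()
            raised.append(dict(
                alert,
                priority="high",
                title="Successful login after repeated failures",
                last_seen=ev["when"],
                how=(f"{alert['count']} failed logins across {', '.join(alert['sources'])}, "
                     f"then success as {ev['who']} via {ev['source']}"),
            ))
        return raised


def run(events) -> list:
    """Replay a batch of events in time order and collect every alert."""
    correlator = Correlator()
    alerts = []
    for ev in sorted(events, key=lambda e: e["when"]):
        alerts.extend(correlator.ingest(ev))
    return alerts


# Constructed sample stream from two feeds (not real data).
SAMPLE_EVENTS = [
    {"when": "2024-03-07T10:00:01+00:00", "source": "syslog_sshd", "who": "admin", "where": "203.0.113.9", "outcome": "failure"},
    {"when": "2024-03-07T10:00:05+00:00", "source": "vpn_gateway", "who": "admin", "where": "203.0.113.9", "outcome": "failure"},
    {"when": "2024-03-07T10:00:09+00:00", "source": "syslog_sshd", "who": "root", "where": "203.0.113.9", "outcome": "failure"},
    {"when": "2024-03-07T10:00:20+00:00", "source": "syslog_sshd", "who": "alice", "where": "198.51.100.7", "outcome": "failure"},
    {"when": "2024-03-07T10:00:40+00:00", "source": "vpn_gateway", "who": "bob", "where": "203.0.113.9", "outcome": "success"},
    {"when": "2024-03-07T10:30:00+00:00", "source": "syslog_sshd", "who": "carol", "where": "198.51.100.7", "outcome": "success"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert["priority"], alert["title"], alert["where"], alert.get("how", ""))
```

The single failure from 198.51.100.7 never reaches the threshold and has expired by the time the later success arrives, so it produces nothing; the design choice worth noting is that correlation state is keyed on the address and shared across feeds, which is what lets three failures split between sshd and the VPN gateway add up to one alert rather than stay below threshold in each feed separately.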
State-of-the-art visibility and business intelligence
- Dynamic real-time threat detection and risk dashboards that report compliance and security status to multiple stakeholders as events happen
- Business intelligence drill-down interface for ad hoc or scheduled queries, tabbed data views and interactive filtering
- Extensive range of out-of-the-box or tailored scheduled and ad hoc reports with automatic storage and distribution
To make it even more powerful, the Huntsman Enterprise SIEM comes with these enhancement options:
- Behavioural Anomaly Detection to identify unknown threats that have no signature or pre-defined rule
- Threat Intelligence for the latest external information for more accurate threat detection
- Multi Tenancy to support shared services
- Extended data repository
- High Availability Licence