iSecurity helps companies protect valuable information assets against insider threats, unauthorized external access and malicious, or inadvertent, changes to field-level data in business-critical applications by sending real-time alerts to specific recipients as Syslog messages, SNMP, SMS, e-mail, MSGQ, Twitter, etc. See Figure 1 below.
New iSecurity Syslog Features - March 2016
Following are some of the highlights of the extended support:
Up to 3 SIEM products/servers can be used simultaneously. For example, iSecurity can send network- and system-related alerts to one SIEM product/server and application-related alerts to a second SIEM server.
Field-mode formats for IBM QRadar (LEEF) and HP ArcSight (CEF) are supported; each event value is stored in a separate field together with its appropriate descriptive name. Previous support for LEEF/CEF and other standards, with messages that integrate field values within a descriptive message, was preserved. It should be noted that Raz-Lee is certified by IBM as "Ready for Security Intelligence" and partnered with Q1Labs prior to their acquisition by IBM.
Each of the supported SIEM products/servers is defined by its unique destination IP, Port, CCSID, message filtering, etc.
LEEF/CEF field-mode support sends only meaningful fields. For example, since Move and Rename of objects share the same Audit Type but have different sub-types, the fields sent are those relevant to the specific activity performed on the object.
UDP, TCP and encrypted TLS protocols are all supported.
A Self-Test facility allows messages to be sent to a local server before they are actually sent to a remote SIEM server.
Advanced communications recovery features have been implemented where feasible, in the event of network problems or SIEM unavailability.
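The following parser, an added example that is not Raz-Lee or iSecurity code, shows what a SIEM collector does with the CEF and LEEF field-mode payloads described above: it splits the pipe-delimited header (honouring escaped pipes), then breaks the extension into named fields using each format's delimiter rules. The two sample messages, the vendor/product names, the event id and the field names are constructed for illustration and are not necessarily those iSecurity emits.

```python
import re
# Added example, not Raz-Lee/iSecurity code: parse CEF and LEEF "field mode"
# payloads the way a SIEM collector does, so each value lands in a named field.
CEF_HEADER = ["vendor", "product", "device_version", "signature_id", "name", "severity"]
LEEF_HEADER = ["vendor", "product", "device_version", "event_id"]
def _split_header(body, count):
    """Take `count` pipe-delimited header fields; '\\|' and '\\\\' are escapes."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < count:
        raise ValueError("truncated header: expected %d fields" % count)
    return fields, body[i:]

def parse_event(msg):
    """Return format, version, header dict and field dict for one syslog payload."""
    m = re.search(r"\b(CEF|LEEF):(\d+(?:\.\d+)?)\|", msg)
    if not m:
        raise ValueError("no CEF/LEEF header found")
    fmt, version, rest = m.group(1), m.group(2), msg[m.end():]
    if fmt == "CEF":
        hdr, ext = _split_header(rest, len(CEF_HEADER))
        # CEF extension is space separated but values may contain spaces: split only before the next 'key='.
        pairs, names = re.split(r" (?=[A-Za-z0-9_.-]+=)", ext.strip()), CEF_HEADER
    else:
        hdr, ext = _split_header(rest, len(LEEF_HEADER))
        delim = "\t"                            # LEEF 1.0 attributes are tab separated
        if version.startswith("2"):             # LEEF 2.0 adds a delimiter header field
            (d,), ext = _split_header(ext, 1)
            delim = d if len(d) == 1 else "\t"  # empty means tab; hex forms not handled
        pairs, names = ext.strip().split(delim), LEEF_HEADER
    fields = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if sep and fmt == "CEF":                # undo CEF value escapes: \= \\ \n \r
            value = re.sub(r"\\(.)", lambda e: {"n": "\n", "r": "\r"}.get(e[1], e[1]), value)
        if sep:                                 # skip anything that is not key=value
            fields[key.strip()] = value
    return {"format": fmt, "version": version, "header": dict(zip(names, hdr)), "fields": fields}

# Constructed samples; event ids and field names are illustrative, not iSecurity's own.
SAMPLE_CEF = "<134>Mar 10 12:00:01 ibmi01 CEF:0|ExampleVendor|ExampleProduct|1.0|EXAMPLE-1|File update|5|suser=JSMITH src=10.1.2.3 fname=ORDERS act=UPDATE msg=price changed\\=yes"
SAMPLE_LEEF = "<134>Mar 10 12:00:02 ibmi01 LEEF:2.0|ExampleVendor|ExampleProduct|1.0|EXAMPLE-1|^|usrName=JSMITH^src=10.1.2.3^objName=ORDERS^action=UPDATE"
```

A collector that feeds events into a SIEM can call parse_event on each received payload and index the returned header and fields directly.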
Following are some of the major features of Syslog as implemented in iSecurity products:
Syslog support includes Transport Layer Security (TLS) encryption
iSecurity sends Syslog security event information originating from:
the system's infrastructure (QAUDJRN system journal, network access events, IFS virus detection product, user profile changes including requests for stronger authorities and much more)
business-critical applications, both field level writes & updates as well as unauthorized READ accesses to sensitive data
iSecurity includes advanced filtering capabilities for selecting which events are sent to the SIEM for analysis, which helps control the volume of traffic sent via Syslog
iSecurity includes a "super fast" Syslog implementation that can send extremely high volumes of information, for example system journal records, with virtually no performance impact
The Syslog message structure is easily definable by each site and can include event-specific substitution variables for user profile name, IP address, field-level before & after values, etc.
As multi-platform environments are the reality at nearly all companies worldwide, these companies have often implemented SIEM solutions in order to analyze the security-related events originating in these different environments and to establish forensic procedures for them. An additional goal is to consolidate security-related information from multiple environments into a single console for easier administration and operator response. Finally, companies will often expect to be able to integrate security event information from both the system's infrastructure and from business-critical applications. See Figure 2 below.
Syslog is the most widely used protocol for sending alert messages in real time to SIEM solutions, and iSecurity supports Syslog in nearly all of its products; see Figure 3 below.
Indeed, real-time Syslog alerts sent from iSecurity products integrate with all the leading SIEM products: IBM's QRadar and Tivoli, HP ArcSight and OpenView, CA UniCenter, RSA enVision, GFI Solutions, Splunk, Juniper, NNT, etc. Case studies can be supplied upon request.
For a PowerPoint overview of how the iSecurity products interface with the leading SIEM solutions, including success stories and actual screenshots, see this presentation as well as the following video about SIEM using iSecurity.