Free Up Your IT Staff

Digitalization has the potential to transform your business but often times IT teams struggle from lack of time or expertise. By leveraging a managed SIEM, organizations can position themselves to focus on their areas of expertise.

Unified NOC and SOC Analytics

As a Fortinet partner, Xiolox can manage the SIEM architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts and configuration changes. The FortiSIEM essentially takes the analytics traditionally monitored in separate silos from — SOC and NOC — and brings that data together for a more holistic view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards and ad-hoc queries.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine

Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale, and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover and map the topology of both physical and virtual infrastructure, on-premises and in public/private clouds, simply using credentials without any prior knowledge of what the devices or applications are. An up-to-date CMDB (Centralized Management Database) enables sophisticated context aware event analytics using CMDB Objects in search conditions.

Automated Incident Mitigation

When an Incident is triggered, an automated script can be run to mitigate or eliminate the threat. Built-in scripts support a variety of devices including Fortinet, Cisco, and Window/Linux
servers. Built-in scripts can execute a wide range of actions including disabling a user’s Active Directory account, disabling a switch port, blocking an IP address on a Firewall, deauthenticating a user on a WLAN Access Point, and more. Scripts leverage the credentials FortiSIEM already has in the CMDB. Administrators can easily extend the actions available by creating their own scripts.

Real-Time Operational Context for Rapid Security Analytics

• Continually updated and accurate device context — configuration, installed software and patches, running services
• System and application performance analytics along with contextual inter-relationship data for rapid triaging of security issues
• User context, in real-time, with audit trails of IP addresses, user identity changes, physical and geo-mapped location
• Detect unauthorized network devices, applications, and configuration changes

Managed Performance Monitoring

• Monitor basic system/common metrics
• System level via SNMP, WMI, PowerShell
• Application level via JMX, WMI, PowerShell
• Virtualization monitoring for VMware, Hyper-V — guest, host,resource pool and cluster level
• Storage usage, performance monitoring — EMC, NetApp, Isilon, Nutanix, Nimble, Data Domain
• Specialized application performance monitoring
• Microsoft Active Directory and Exchange via WMI and Powershell
• Databases — Oracle, MS SQL, MySQL via JDBC
• VoIP infrastructure via IPSLA, SNMP, CDR/CMR
• Flow analysis and application performance — Netflow, SFlow, Cisco AVC, NBAR
• Ability to add custom metrics
• Baseline metrics and detect significant deviations