XIOLOGIX MANAGED SIEM SERVICE

Xiologix can configure and manage your SIEM to rapidly find and fix security threats, manage compliance rules, increase critical application availability, and enhance IT management efficiency.
SIEMs are an incredibly valuable tool but require the right human resources to manage them. Allow us to be that resource for you. At Xiologix, we are proud to be a Fortinet Platinum Partner, and after a great deal of research we have decided to lead our Managed SIEM offering with the FortiSIEM solution. Our highly certified engineers are very knowledgeable about SIEM offerings and have spent a great deal of time with the FortiSIEM tool. Below we have highlighted many of the main features of FortiSIEM. You can learn more here. While Darktrace is not a SIEM, we also chose to highlight it here because it complements any security or SIEM solution quite nicely.

Free Up Your IT Staff

Digitalization has the potential to transform your business, but IT teams often struggle with a lack of time or expertise. By leveraging a managed SIEM, organizations can position themselves to focus on their own areas of expertise.

Embrace Automation

Automate time-consuming tasks that take significant human hours by introducing tools to monitor IT, security and compliance, proactively identifying issues before they become major problems and freeing up individuals to focus on higher value activities.

Unified NOC and SOC Analytics

As a Fortinet partner, Xiologix can manage the SIEM architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP traps, security alerts and configuration changes. FortiSIEM essentially takes the analytics traditionally monitored in two separate silos, the SOC and the NOC, and brings that data together for a more holistic view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine that drives real-time searches, rules, dashboards and ad-hoc queries.

Real-Time Event Correlation

Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.

Real-Time, Automated Infrastructure Discovery and Application Discovery Engine

Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover and map the topology of both physical and virtual infrastructure, on-premises and in public/private clouds, using only credentials and without any prior knowledge of what the devices or applications are. An up-to-date CMDB (Centralized Management Database) enables sophisticated context-aware event analytics using CMDB objects in search conditions.

Flexible and Fast Custom Log Parsing Framework

Effective log parsing requires custom scripts, but those can be slow to execute, especially for high-volume logs such as Active Directory and firewall logs. Compiled code, on the other hand, is fast to execute but is not flexible, since every change needs a new software release. Fortinet has developed an XML-based event parsing language that is functional like high-level programming languages and easy to modify, yet can be compiled at run time to be highly efficient. Using this patented solution, all FortiSIEM parsers go beyond most competitors' offerings and can parse at beyond 10K EPS per node.
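The two ideas above, declarative parsers that normalize raw lines into typed events and a correlation engine that merges partial state from several collector nodes before a rule fires, are easy to see in a small simulation. The following is an added example written for this page; it is not FortiSIEM code, and its dictionary-based parser definitions, the `Collector`/`Supervisor` split, the rule `brute_force` and all log lines and IP addresses are constructed stand-ins (FortiSIEM's real parser language is XML and its correlation protocol is not shown here). Each collector keeps only its own per-key timestamps; the supervisor sums the shared counts so a threshold that no single node would reach on its own is still detected globally.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

# Hypothetical declarative parser definitions (stand-in for an XML parser file).
# Each entry names the event type it produces and the attributes it extracts.
PARSERS = [
    {
        "name": "ssh_auth_failure",
        "event_type": "Auth-Failure",
        "pattern": re.compile(
            r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
            r"from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)"
        ),
    },
    {
        "name": "fw_deny",
        "event_type": "Firewall-Deny",
        "pattern": re.compile(
            r"action=deny srcip=(?P<src_ip>[\d.]+) dstip=(?P<dst_ip>[\d.]+) dstport=(?P<dst_port>\d+)"
        ),
    },
]


def parse_line(line: str) -> Optional[dict]:
    """Normalize a raw log line into an event dict; None when no parser matches."""
    for parser in PARSERS:
        match = parser["pattern"].search(line)
        if match:
            event = {"event_type": parser["event_type"], "parser": parser["name"]}
            event.update(match.groupdict())
            return event
    return None


@dataclass
class CorrelationRule:
    """Fire when `threshold` events of `event_type`, grouped by `group_by`, occur inside the window."""
    name: str
    event_type: str
    group_by: str
    threshold: int
    window_seconds: int


class Collector:
    """A collector node holds only partial state: timestamps of its own matching events per key."""

    def __init__(self, node_id: str, rule: CorrelationRule):
        self.node_id = node_id
        self.rule = rule
        self.partial = defaultdict(deque)  # key -> timestamps still inside the window

    def ingest(self, ts: int, line: str) -> None:
        event = parse_line(line)
        if event is None or event["event_type"] != self.rule.event_type:
            return
        key = event[self.rule.group_by]
        window = self.partial[key]
        window.append(ts)
        while window and ts - window[0] > self.rule.window_seconds:  # evict expired timestamps
            window.popleft()

    def share_state(self, now: int) -> dict:
        """Partial state sent to the supervisor: key -> count of events inside the window."""
        return {k: sum(1 for t in q if now - t <= self.rule.window_seconds)
                for k, q in self.partial.items()}


class Supervisor:
    """Merges the partial states of all collectors and evaluates the rule on global counts."""

    def __init__(self, rule: CorrelationRule):
        self.rule = rule

    def evaluate(self, collectors, now: int) -> dict:
        totals = defaultdict(int)
        for collector in collectors:
            for key, count in collector.share_state(now).items():
                totals[key] += count
        return {k: v for k, v in totals.items() if v >= self.rule.threshold}


def demo() -> dict:
    """Constructed scenario: 3 failures seen by each node, 6 in total, threshold 5."""
    rule = CorrelationRule("brute_force", "Auth-Failure", "src_ip", threshold=5, window_seconds=300)
    node_a, node_b = Collector("collector-a", rule), Collector("collector-b", rule)
    fail = "host1 sshd[1234]: Failed password for invalid user admin from {} port {} ssh2"
    deny = "date=2024-01-01 action=deny srcip={} dstip=10.0.0.5 dstport=445"
    for ts, line in [(10, fail.format("203.0.113.10", 5000)),   # stale: outside the window
                     (400, fail.format("203.0.113.10", 5001)),
                     (410, fail.format("203.0.113.10", 5002)),
                     (420, fail.format("203.0.113.10", 5003)),
                     (430, fail.format("198.51.100.7", 6001)),
                     (440, deny.format("203.0.113.10"))]:     # wrong event type: ignored by rule
        node_a.ingest(ts, line)
    for ts, line in [(450, fail.format("203.0.113.10", 5004)),
                     (460, fail.format("203.0.113.10", 5005)),
                     (470, fail.format("203.0.113.10", 5006)),
                     (480, fail.format("198.51.100.7", 6002))]:
        node_b.ingest(ts, line)
    return Supervisor(rule).evaluate([node_a, node_b], now=500)


if __name__ == "__main__":
    print(demo())  # {'203.0.113.10': 6}
```

Neither node alone holds five failures for 203.0.113.10, so a per-node rule would stay silent; only the merged state crosses the threshold. The stale event at ts=10 is evicted on the node before it is ever shared, which keeps the state each node ships proportional to the window rather than to total volume.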

Automated Incident Mitigation

When an incident is triggered, an automated script can be run to mitigate or eliminate the threat. Built-in scripts support a variety of devices including Fortinet, Cisco, Palo Alto and Windows/Linux servers. Built-in scripts can execute a wide range of actions including disabling a user's Active Directory account, disabling a switch port, blocking an IP address on a firewall, deauthenticating a user on a WLAN access point, and more. Scripts leverage the credentials FortiSIEM already has in the CMDB. Administrators can easily extend the actions available by creating their own scripts.

Real-Time Operational Context for Rapid Security Analytics

  • Continually updated and accurate device context — configuration, installed software and patches, running services
  • System and application performance analytics along with contextual inter-relationship data for rapid triaging of security issues
  • User context, in real-time, with audit trails of IP addresses, user identity changes, physical and geo-mapped location
  • Detect unauthorized network devices, applications, and configuration changes

Compliance Reports

Xiologix will configure pre-defined reports supporting a wide range of compliance auditing and management needs including PCI-DSS, HIPAA, SOX, NERC, FISMA, ISO, GLBA, GPG13 and the SANS Critical Controls.

Managed Performance Monitoring

  • Monitor basic system/common metrics
  • System level via SNMP, WMI, PowerShell
  • Application level via JMX, WMI, PowerShell
  • Virtualization monitoring for VMware, Hyper-V — guest, host, resource pool and cluster level
  • Storage usage, performance monitoring — EMC, NetApp, Isilon, Nutanix, Nimble, Data Domain
  • Specialized application performance monitoring
  • Microsoft Active Directory and Exchange via WMI and PowerShell
  • Databases — Oracle, MS SQL, MySQL via JDBC
  • VoIP infrastructure via IPSLA, SNMP, CDR/CMR
  • Flow analysis and application performance — Netflow, SFlow, Cisco AVC, NBAR
  • Ability to add custom metrics
  • Baseline metrics and detect significant deviations
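The last item in the list, baselining a metric and alerting on significant deviation, is the part of performance monitoring that turns raw numbers into actionable signals. Below is an added example, not FortiSIEM's algorithm, that learns a per-metric, per-hour-of-day baseline (mean and standard deviation) from historical samples and flags a new sample by z-score. The sample values, the `min_samples` and `min_sigma` guards and the metric name `cpu_pct` are constructed for the illustration; the guards address the two failure modes a practitioner hits first, a bucket with too little history to trust and a perfectly flat baseline that would make any change look infinite.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(history, min_samples=5):
    """history: iterable of (metric, hour_of_day, value) tuples.

    Returns {(metric, hour): (mean, stdev)} for buckets with enough samples.
    Bucketing by hour-of-day keeps a busy 10:00 from being compared against a quiet 03:00.
    """
    buckets = defaultdict(list)
    for metric, hour, value in history:
        buckets[(metric, hour)].append(float(value))
    return {key: (mean(values), pstdev(values))
            for key, values in buckets.items() if len(values) >= min_samples}


def detect(baseline, metric, hour, value, z_threshold=3.0, min_sigma=1.0):
    """Score one new sample against its baseline bucket.

    min_sigma floors the standard deviation so a flat baseline does not turn a
    one-unit wobble into an alert; z_threshold is the deviation that counts as significant.
    """
    key = (metric, hour)
    if key not in baseline:
        return {"flagged": False, "z": None, "reason": "insufficient baseline"}
    mu, sigma = baseline[key]
    z = (value - mu) / max(sigma, min_sigma)
    if abs(z) >= z_threshold:
        return {"flagged": True, "z": z, "reason": f"{metric} deviates {z:.1f} sigma from baseline {mu:.1f}"}
    return {"flagged": False, "z": z, "reason": "within baseline"}


# Constructed history: five weekdays of CPU readings at 10:00, plus a thin 03:00 bucket.
HISTORY = [("cpu_pct", 10, v) for v in (28, 31, 30, 29, 32)] + [("cpu_pct", 3, 5), ("cpu_pct", 3, 6)]


def demo():
    """Returns the verdicts for three new samples against the learned baseline."""
    baseline = build_baseline(HISTORY)
    return {
        "spike_10h": detect(baseline, "cpu_pct", 10, 85),   # far above the 10:00 baseline -> flagged
        "normal_10h": detect(baseline, "cpu_pct", 10, 33),  # ~2 sigma, below threshold -> not flagged
        "thin_03h": detect(baseline, "cpu_pct", 3, 40),     # only two samples -> no verdict yet
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The baseline for the 10:00 bucket is 30 with a population standard deviation of about 1.41, so 85 scores roughly 39 sigma and 33 scores about 2.1; the 03:00 bucket has only two samples and is reported as insufficient rather than guessed at. In production the history would come from the collected SNMP/WMI metrics and the baseline would be rebuilt on a schedule, but the decision logic is the same.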

Availability Monitoring

  • System up/down monitoring — via Ping, SNMP, WMI, Uptime Analysis, Critical Interface, Critical Process and Service, BGP/OSPF/EIGRP status change, Storage port up/down
  • Service availability modeling via Synthetic Transaction Monitoring — Ping, HTTP, HTTPS, DNS, LDAP, SSH, SMTP, IMAP, POP, FTP, JDBC, ICMP, trace route and for generic TCP/UDP ports
  • Maintenance calendar for scheduling maintenance windows
  • SLA calculation — “normal” business hours and after-hours considerations
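The last two items, a maintenance calendar and an SLA that treats business hours differently from after-hours, interact: minutes inside a scheduled maintenance window must not count against availability in either bucket. The following added example, written for this page rather than taken from FortiSIEM, walks a reporting period minute by minute, skips maintenance, splits the remaining minutes into business and after-hours buckets (an assumed Monday to Friday, 08:00 to 18:00 calendar) and charges each outage to the bucket it fell in. The outage and maintenance intervals in `demo()` are constructed.

```python
from datetime import datetime, timedelta

BUSINESS_DAYS = {0, 1, 2, 3, 4}        # Monday..Friday (assumed business calendar)
BUSINESS_START, BUSINESS_END = 8, 18   # 08:00-18:00 local time (assumed)


def _in_any(t, intervals):
    """True if minute t falls inside any half-open [start, end) interval."""
    return any(start <= t < end for start, end in intervals)


def is_business_minute(t):
    return t.weekday() in BUSINESS_DAYS and BUSINESS_START <= t.hour < BUSINESS_END


def calculate_sla(period_start, period_end, outages, maintenance):
    """Per-bucket scheduled minutes, downtime minutes and availability percentage.

    Minutes inside a maintenance window are excluded from the schedule entirely,
    so an outage that happens during maintenance is not charged. Overlapping
    outage intervals are counted once because the walk is per minute.
    """
    stats = {"business_hours": {"scheduled_minutes": 0, "downtime_minutes": 0},
             "after_hours": {"scheduled_minutes": 0, "downtime_minutes": 0}}
    t = period_start
    while t < period_end:
        if not _in_any(t, maintenance):
            bucket = stats["business_hours"] if is_business_minute(t) else stats["after_hours"]
            bucket["scheduled_minutes"] += 1
            if _in_any(t, outages):
                bucket["downtime_minutes"] += 1
        t += timedelta(minutes=1)
    for bucket in stats.values():
        scheduled = bucket["scheduled_minutes"]
        bucket["availability_pct"] = (
            100.0 * (scheduled - bucket["downtime_minutes"]) / scheduled if scheduled else None
        )
    return stats


def demo():
    """Constructed one-week report: 2024-01-01 is a Monday."""
    start, end = datetime(2024, 1, 1), datetime(2024, 1, 8)
    outages = [
        (datetime(2024, 1, 2, 10, 0), datetime(2024, 1, 2, 11, 0)),   # Tuesday, business hours
        (datetime(2024, 1, 6, 2, 0), datetime(2024, 1, 6, 4, 0)),     # Saturday, after hours
        (datetime(2024, 1, 7, 1, 30), datetime(2024, 1, 7, 2, 30)),   # Sunday, inside maintenance
    ]
    maintenance = [(datetime(2024, 1, 7, 1, 0), datetime(2024, 1, 7, 3, 0))]
    return calculate_sla(start, end, outages, maintenance)


if __name__ == "__main__":
    for name, bucket in demo().items():
        print(name, bucket)
```

For the constructed week the business bucket schedules 3000 minutes (5 days of 10 hours) and loses 60, giving 98.0%; the after-hours bucket schedules 7080 minutes less the 120-minute maintenance window, loses only the 120-minute Saturday outage, and the Sunday outage disappears because it sat inside the calendar entry. Reporting the two buckets separately is what lets an SLA promise 99.9% during business hours while tolerating a looser target overnight.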