Lookwise Enterprise Manager allows you to manage the security of your organization in a centralized manner by collecting and analysing information from internal and external sources, providing the intelligence required to identify the risks of your business.
Today’s organizations have complex IT infrastructures that are exposed to a growing number of security threats. IT systems generate large volumes of log information in many different formats, highly dispersed across the network, which makes it increasingly difficult to discover the organizational security status and to detect risks before they become losses. An even greater challenge is ensuring that all security solutions work together to detect and eliminate new threats which the different systems cannot detect working alone.
Security information and event management (SIEM) systems are designed to collect security log data from a wide variety of sources within an organization, including security controls, operating systems and applications. The SIEM processes the log data to standardize its format, performs analysis on the “normalized” data, generates alerts when it detects anomalous activity, and produces reports upon request.
Lookwise Enterprise Manager (LEM) meets all the requirements which the best international analysts agree are key for a SIEM tool: flexible real-time or batch data collection, normalization, advanced data analytics, integration with threat intelligence feeds, incident and risk management, customizable reports and dashboards, and security automation, all supported by a highly scalable architecture that lets you grow at your pace, always reusing your infrastructure and investment.
SMALL TO MID-SIZED BUSINESSES ARE THE NEXT FRONTIER FOR SIEM MARKET GROWTH
Comprehensive set of collection methods: on-line, off-line, probe-based or customized.
High performance to deal with large volumes of data and compatible with HDFS file systems.
Confidentiality & Integrity of the collected data: logs are stored in native format with on-line ciphering & hashing support.
Collection forwarding support for distributed architectures.
Licensing model based on daily collected volume, independent of event peaks.
Out-of-the-box support of the most common datasources: security systems, communications systems, operating systems, databases, applications…
Simple and flexible process to integrate new datasources, even if the data format is proprietary.
Flexible normalization to a customizable taxonomy to facilitate searches across different data types.
Powerful search engine with an SQL-like interface for advanced queries.
Rule-based correlation, over both real-time and historical data.
Integration with Threat Intelligence data.
Framework to build highly complex customized business fraud use cases.
LEM’s Operations Center is a customizable web user interface for security operations.
It is used for Security Risk & Incident Management, with the ability to customize the incident model and workflow.
It provides customizable Reporting & Dashboard (KPIs), both technical and business oriented.
It provides a framework for Business Flows & Security Automation.
With its modular architecture, LEM can scale from small centralized to large highly distributed architectures, growing at your pace while always reusing your infrastructure and investment.
Don’t dedicate important internal resources to Lookwise Enterprise Manager. Have your installation remotely managed from S21sec’s Security Operations Centre (SOC) or move into a cloud-based software as a service model provided from our SOC.