Providing a lightweight and cost-effective security information and event management (SIEM) system
Context and challenge to answer
Organizations of all sizes, from small to large companies, have become common targets on cybercriminals' radar. On the one hand they usually handle personal or critical data and, on the other hand, their level of cybersecurity is often very low, both in technology and in awareness. Information about cyberattacks and about the cybersecurity status of their systems is therefore needed in order to protect those systems and to take decisions regarding cybersecurity.
Description and offered functionality
The XL-SIEM provides event correlation capabilities for the detection of security incidents, integrating sensors from different vendors and providing real-time alerts, reporting and visualization capabilities.
The XL-SIEM capabilities can be summarized as follows:
- Generation of alerts and reports about the detected incidents.
- Data storage of the events gathered by the agents and of the alarms generated by the server.
- Processing of events received from sensors.
- Configuration of different correlation processes.
- Risk assessment procedure which takes into consideration the following aspects: reliability, priority and asset relevance.
- Possibility to operate in a fully distributed manner, adapting to the security and performance requirements of the platform and improving resilience and robustness.
- Flexible adaptation to the characteristics of the ICT infrastructure to be monitored, tailoring detection capabilities to its security requirements.
- Decision Support System (DSS) to help the user analyse the detected risks and select suitable mitigation measures.
- Support for deployment.
Value proposition for Atos
XL-SIEM improves on existing open source solutions in several ways. Among these, one of the most interesting is the enhanced performance and scalability, allowing large amounts of data to be processed and event correlation to be performed at different layers with more complex rules.
The XL-SIEM incorporates a graphical visualization interface, ranging from high-level charts and diagrams to detailed security information, allowing both expert and non-expert personnel to be aware of the status of the infrastructure in an intuitive way.
Additionally, one key objective of the XL-SIEM is to increase users' cybersecurity awareness, which is supported by a visualization interface that includes high-level charts and diagrams in different dashboards, including decision-support ones.
Potential use cases
The main target users of our solution are cybersecurity experts in organizations ranging from SMEs to large organizations. These experts can take the greatest advantage of the functionality and information our tool provides, not only for selecting solutions for their systems but also for refining the information on the cybersecurity status and providing it to other layers of the organization (e.g. management) for decision support.
Although XL-SIEM could be useful in any domain, the main focus is on information technology companies, which either support or work with data (e.g. personal data, organizational data, etc.) or provide digital services. In that sense, organizations working with IoT devices, big data, cloud systems or services, etc. would be the ones that benefit most from this solution.
XL-SIEM will integrate additional assets that can add further value, such as the Risk Assessment Engine (RAE).
The RAE provides several models for performing more complex analysis of the systems and, additionally, a business interpretation of the cyber risks, with expected costs and business impact for the threats.
This integration will evolve the XL-SIEM from a cybersecurity tool addressed to technical managers into a socio-economic tool, which will allow non-technical managers to monetize the risk and make risk-mitigation choices based on non-technical information.