Next Generation Security and Event Management (NG-SIEM)
The Next Generation Security and Event Management (NG-SIEM) is the latest generation of network security monitoring systems and data processing solutions, building on what has been developed and proven in security information and event management (SIEM). Its customisable systems can be quickly integrated into almost any technology environment. The NG-SIEM provides Cyber Security Intelligence for security analysts and makes it possible to detect, track or stop security incidents such as internal or even external attacks. By analysing real-time data from billions of organisational/agency IT data and log records, the NG-SIEM can detect anomalies in user, system or network behaviour, and link events and indicators using internal and external data sources.
- Complete content data, unfiltered collection of packets.
- Session data, conversations between nodes.
- Transaction data, requests and replies between nodes.
- Statistical data, traffic descriptions, such as protocols and volumes.
- Metadata, the aspect of data related to who has a specific IP address.
- Alert/log data, triggers from detection tools, tracking of user logins.
1. Data Security Visualisation
The NG-SIEM makes it possible to see, visually and in real time, what is being done, so that you can track any activity across the system and network through the activity logs and decide whether to deactivate the account or pause it temporarily. By capturing and analysing network security activity logs in one solution, the NG-SIEM monitors network traffic and provides full context and forensic visibility into it.
2. Proactive Defence
Proactive defence enables real-time analysis of attacks, which provides protection against detected attackers as well as against attacks that are unknown to the public. By creating digital copies of IoT/IT devices and exposing them to the internet, it provides real-time information on:
1) Bad actors: unauthorised persons trying to perform an attack/scan on the system.
2) Latest & unknown types of attacks against specific devices and services.
3) Certain groups that carry out attacks with specific targets against the system.
Cyber Threat Intelligence (CTI)
Cyber Threat Intelligence is the process of identifying and evaluating data obtained from potential threats or issues. It is crucial for protecting networks and systems from the cyber threats that lurk every day. Cyber Threat Intelligence has a positive impact on the performance of the cyber security team within an agency: the team will be able to foresee potential attempts to infiltrate the system. It also enables the cyber security team to respond quickly and stop existing attacks.
- Data Validation: Validating data from the sources to ensure it will be useful for enriching other information.
- Data Mapping: Mapping out data for easy use.
- Data Entry Standards: Standards are provided for easy integration with the system.
- XML/JSON-based: A text-based and easily parsed format.
- Distributed System: Multiple systems can be deployed to several machines in order to collect more data.