  • SIEM — LOGmanager is a lightweight but still powerful Security Information and Event Management solution, developed with the specific regulations, requirements and conditions of Central and Eastern Europe in mind.

  • Log management – a system for central management of events and logs from security appliances, operating systems, application software and network devices.

  • Powered by a new type of database with a scalable, near real-time search engine and a well-arranged graphical presentation of search results.

  • Comes with "Windows Event Sender" for collection and filtering of logs from Windows operating systems.

What LOGmanager solves

> A single log and event repository for the whole organization or data center
> Support for quick resolution of critical IT incidents
> Unique support for collection and filtering of logs from Windows environments
> SEM — Security Event Management with comprehensive log parsing
> Unlimited, custom-defined alerting
> Reporting and analysis of events and security-related incidents
> Regulatory and government requirements

References

  • Czech TV – "Just 2 admins spent only 2% of their working hours. Mostly adding or correcting log sources, adding alerts and general use of the system. In comparison with other tools we appreciate the simplicity, intuitive control, synoptic graphical interface and no-license product policy. LOGmanager gives us exactly what we need – orientation in the security and operational events of the computer environment at Czech TV."

    Ing. René Pisinger, Manager of IT Support

  • Prague 3 Municipal District – "We do not need an expensive SIEM solution with a large number of complex features. We were looking for a central repository of logs with analytic functions and sufficient performance. LOGmanager has an adequate price, is easy to work with and has no EPS or device license policy. It exactly fits our needs."

    Tomáš Hilmar, CIO Prague 3, Municipal District of the Capital City of Prague

  • University of Ostrava – "The communication of 20,000 university network users runs through our firewall. Such a number of connections is not easy to log and control. We were facing performance issues, licensing for events per second and licensing per device. LOGmanager has great performance and no licensing on top of it."

    Jiří Kubina, Network Admin, University of Ostrava IT department

  • State Land Office of the Czech Republic – "Our organization manages state-owned land of the Czech Republic worth billions. All communication in our network and all transactions in our applications must be logged for security reasons and maintained in long-term resilient storage. Open-source solutions weren't working well for us, and with commercial products we came up against performance and license restrictions…"

    Ing. Martin Kučera, IT Security

  • The State Agricultural Intervention Fund – "Firstly, we were looking for a tool to store the audit information about transactions from our system for the distribution of subsidies to farmers. Everywhere we faced problems with licensing and low performance. We finally deployed LOGmanager not only to store audit information, but also to manage all logs in our organization. Now we have a simple yet still powerful tool for troubleshooting and auditing simultaneously."

    Ing. Zdeněk Niepel, IT department Director

  • University of Economics – "The computer network of our university connects more than 11,000 devices and 17,500 active students and academics via LAN and WLAN. In such quantities, it is difficult to keep track of events and their relations. LOGmanager gives us an overview of all events in our computer network, including the significant correlations between them."

    Tomáš Skřivan, IT Networking, Department Director

Key features

> Log management with basic correlation features

> Central overview with graphical presentation

> Fast and intuitive search engine

> Unification of log entries from different sources

> 40 TB of long-term storage space

> Meets typical government requirements for cyber security and ISO 27001 for storing audit logs

> Stores logs for a computer security incident response team and/or judicial authorities

> Stores logs for IT operations from all networking and security appliances, servers and computers

> Prevents loss of critical data

> Supports confirmation of log delivery (if supported by the source)

> Supports verification of source identity to prevent event forgery (if supported by the source)

> Active/Active cluster support

> No licensing on EPS (events per second) or per source device

Windows Event Sender

A native part of LOGmanager is "Windows Event Sender", a client for log collection from computers and servers running Microsoft Windows. The client is centrally managed, supports filtering of events and automatically translates numeric Microsoft Event IDs into human-readable form. The documentation contains a detailed guide on how to define Microsoft Advanced Audit Policies correctly, so that the collected Windows logs carry the desired information.

  • Use Case 1

    Protecting digital assets against loss, damage or deliberate modification and deletion

    Protection against a common practice of cyber attackers: covering tracks. After a successful penetration of a system, the attacker deletes or modifies the logs and with them the evidence of the compromise. Forwarding logs in real time to a central repository means you always have an unmodified copy. With trusted data you can establish whether a system has been compromised and how the attacker got in; without determining the way in, the system cannot be secured against repeated attacks, and the logs are the raw material for forensic analysis.

  • Use Case 2

    Compliance with regulations

    By the nature of its activities, an organization may be required to operate a system for central management, analysis and reporting of outputs from security devices, operating systems and applications. "…and you know it."

  • Use Case 3

    Monitoring of security – network security

    > Monitoring and correlation of outputs from network security devices such as firewalls, IDS/IPS systems, wireless networking, remote access, proxies and so on.
    > VPN statistics, VPN configuration, user activity, connection activity.
    > Statistics and reports for web content filtering.

  • Use Case 4

    Monitoring of firewall load and control of firewall rule efficiency

    > Which rules hit the most.
    > Which rules are not efficient.
    > Where the gaps in the firewall configuration are – audit of existing rule sets.
    > Identification of flows and creation of new policy proposals.

  • Use Case 5

    Configuration change management

    Who, when and with what result carried out, or attempted to carry out, configuration changes on devices.

  • Use Case 6

    Information related to 802.1X network login authentication

    > Operational analysis support for the deployment of network access authentication.
    > Audit logs of successful and failed logins.
    > Simplified diagnostics for guest access management.

  • Use Case 7

    Violation of security policies and rules

    > Communication through unauthorized SMTP servers.
    > Monitoring of P2P network usage.
    > A single pane for monitoring user access to unauthorized web sites/services.
    > Suspicious activity such as opening too many connections (SSH, web, SMTP, …).
    > Access control outside the proxy (servers, applications, people).
    > Adherence to the communication policy between network segments.
    > Attempts to access services and/or protocols beyond those authorized.

  • Use Case 8

    Control of bandwidth utilization – most active users

    > Which users and which applications are the biggest consumers of Internet and WAN bandwidth.
    > Developments and trends in bandwidth use.
    > Unusual activity on the Internet connection – tracing a possible intrusion source, or an internal user attempting to move company data out over the Internet connection.
    > Identification of covert channels.

  • Use Case 9

    Collection of system and operational logs, seamless log management

    > From computers and servers.
    > From databases, for the purpose of finding database errors, database access and configuration changes.
    > Monitoring of anomalies.

  • Use Case 10

    SIEM functions

    > Event correlation (over time, by IP address, etc.).
    > Threshold (limit value) exceedance correlation.
    > Statistical correlation.
    > Security event correlation.
    > Vulnerability correlation.
    > Connection/flow correlation.
    > Geolocation visibility.

  • Use Case 11

    Business applications and databases

    > Logging of access to sensitive company data.
    > Changes to record retention.
    > Event correlation across applications and security systems.


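The detection side of Use Case 1 above (an attacker clearing logs, or stopping the agent that forwards them) and of Use Case 7 (communication through unauthorized SMTP servers, too many connections from one host), as an added example in Python. This is not LOGmanager's rule engine: the relay address 10.0.0.25, the thresholds, the host names and the event stream are all constructed for illustration. The detector reads already-normalised events in time order and raises an alert when a Windows log-cleared event (ID 1102 or 104) arrives, when a known source stops reporting, when SMTP goes anywhere but the sanctioned relay, and once a single source crosses a connection threshold inside a sliding window.

```python
"""Constructed example: a small streaming detector for the cases above.
Not LOGmanager's rule engine; hosts, addresses, thresholds and events are made up."""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List

ALLOWED_SMTP_RELAYS = {"10.0.0.25"}    # assumption: the only sanctioned outbound mail relay
SMTP_PORTS = {25, 465, 587}
CONN_WINDOW = 60.0                     # sliding window, seconds
CONN_THRESHOLD = 50                    # connections per source inside the window
SILENCE_TIMEOUT = 300.0                # seconds without events before a source is flagged
LOG_CLEARED_IDS = {"1102", "104"}      # Windows: Security log cleared / System log cleared


class Detector:
    """Consumes normalised events in time order and accumulates alert strings.

    Event keys used: ts (epoch seconds), reporter (device/agent that sent the event),
    and optionally event_id, user, src, dst, dpt."""

    def __init__(self) -> None:
        self.last_seen: Dict[str, float] = {}
        self.conns: Dict[str, Deque[float]] = defaultdict(deque)
        self.alerts: List[str] = []

    def feed(self, ev: Dict) -> None:
        now, reporter = ev["ts"], ev["reporter"]
        self.last_seen[reporter] = now
        self._check_silence(now)
        # Use Case 1: the log-cleared event is already on the central store, so wiping
        # the local log no longer hides who did it.
        if ev.get("event_id") in LOG_CLEARED_IDS:
            self.alerts.append("%s: audit log cleared (event %s) by %s"
                               % (reporter, ev["event_id"], ev.get("user", "?")))
        if "dpt" in ev:
            self._check_connection(now, ev)

    def _check_silence(self, now: float) -> None:
        """A forwarder that stops sending is itself an indicator (agent killed, host offline).
        Here the check is driven by the arriving stream; a real system would also use a timer."""
        for source, seen in list(self.last_seen.items()):
            if now - seen > SILENCE_TIMEOUT:
                self.alerts.append("%s: no events for %ds (agent stopped or host down?)"
                                   % (source, now - seen))
                del self.last_seen[source]        # alert once; re-learn when it reappears

    def _check_connection(self, now: float, ev: Dict) -> None:
        src, dst, dpt = ev["src"], ev["dst"], int(ev["dpt"])
        # Use Case 7: SMTP to anything but the sanctioned relay.
        if dpt in SMTP_PORTS and dst not in ALLOWED_SMTP_RELAYS:
            self.alerts.append("%s: SMTP to unauthorised server %s:%d" % (src, dst, dpt))
        # Use Case 7: too many connections from one source inside the window.
        window = self.conns[src]
        window.append(now)
        while window and now - window[0] > CONN_WINDOW:
            window.popleft()
        if len(window) == CONN_THRESHOLD:         # fires once, as the threshold is crossed
            self.alerts.append("%s: %d connections within %ds"
                               % (src, CONN_THRESHOLD, CONN_WINDOW))


def run(events: Iterable[Dict]) -> List[str]:
    detector = Detector()
    for ev in events:
        detector.feed(ev)
    return detector.alerts


def sample_events() -> List[Dict]:
    """Constructed, already-normalised event stream in time order."""
    evs: List[Dict] = []
    for i in range(60):                                  # 60 connections in 30 s
        evs.append({"ts": 1000.0 + i * 0.5, "reporter": "fw01",
                    "src": "10.1.2.17", "dst": "203.0.113.9", "dpt": 443})
    evs.append({"ts": 1031.0, "reporter": "fw01",        # SMTP bypassing the relay
                "src": "10.1.2.17", "dst": "198.51.100.7", "dpt": 25})
    evs.append({"ts": 1032.0, "reporter": "fw01",        # sanctioned relay: no alert
                "src": "10.1.2.17", "dst": "10.0.0.25", "dpt": 25})
    evs.append({"ts": 1040.0, "reporter": "srv-ad01", "event_id": "4624", "user": "backup-svc"})
    evs.append({"ts": 1041.0, "reporter": "srv-ad01", "event_id": "1102", "user": "backup-svc"})
    evs.append({"ts": 1400.0, "reporter": "fw01",        # srv-ad01 has been silent since 1041
                "src": "10.1.2.30", "dst": "10.0.0.25", "dpt": 587})
    return evs


if __name__ == "__main__":
    for alert in run(sample_events()):
        print(alert)
```

Running the sample stream produces four alerts: the connection threshold crossed by 10.1.2.17, its direct SMTP to 198.51.100.7, the Security log cleared on srv-ad01, and srv-ad01 going silent afterwards; the traffic to the sanctioned relay raises nothing. The silence rule is the part worth keeping in mind when configuring any central collector: if the agent or syslog forwarder is stopped, the absence of events is the only signal you will get.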
LOGmanager Features

> Unlimited number of log/event sources; no licensing at all.

> Syslog Output, REST API.

> Comprehensive documentation with worked case examples.

> Direct technical support from vendor.

> Easy to deploy active/active clustering.


Forwarder for LOGmanager

> System for remote log/event collection with multi-tenancy support.

> Available as a small physical appliance or as a virtual appliance for VMware.

> Automated IPsec setup, easy to combine with QoS, great performance.

Big LOGmanager

> Continuous intake of up to 6,000 events per second.

> Base storage of 40 TB of logs, with easy scaling of performance and storage capacity.

> External RAID 6 disk array for advanced protection against disk failure.

Small LOGmanager

> Continuous intake of up to 2,000 events per second.

> Base storage of 12 TB of logs, with easy scaling of performance and storage capacity.

> External RAID 5 disk array for standard protection against disk failure.


Supported devices

Networking > Cisco, HP, Huawei, Aruba, Dell, H3C, Extreme Networks, Brocade SAN, MikroTik

Firewalls > Fortinet, Juniper, Check Point, Kernun, Cisco ASA, Dell SonicWALL, H3C, Hillstone, Sophos

Windows server and desktop OS > DHCP, Firewall, IIS, SharePoint (Windows Server 2008/2012/2016, Windows 7/8/10)

Linux servers > Apache httpd, Tomcat, Nginx

Virtualization and flow monitoring > VMware ESX, vCenter, Flowmon

WiFi > Fortinet, Aruba, HP, Cisco, H3C, Trapeze/Juniper, Ubiquiti (UBNT), Dell

Antivirus software > AVAST, AVG, ESET, Kaspersky, Microsoft Defender

Directory services > Microsoft Active Directory, Novell eDirectory

Databases > SAP, Oracle, MS SQL, MySQL

Systems for advanced control of 802.1X > Addnet, GAMA

User-defined sources and any source device that supports the JSON, CEF or LEEF format

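CEF and LEEF, the two text formats named above for user-defined sources, share a shape (a pipe-delimited header after a "FORMAT:version|" prefix, then key=value attributes) but differ in escaping and separators: CEF escapes "|" in the header and "=" in values with a backslash and separates attributes with spaces, while LEEF 1.0 uses tabs and LEEF 2.0 may name its own delimiter in an extra header field. The following Python parser is an added example, not LOGmanager's own parser, that reads either format into one unified dictionary, which is the kind of normalisation the "unification of log entries from different sources" feature refers to. The vendor and product names and the sample lines are constructed; they are not real device output.

```python
"""Constructed example: parse CEF and LEEF lines into one unified event dict.
Not LOGmanager's own parser; vendor names and sample lines below are made up."""
import re
from typing import Dict, List, Tuple

# Header field names, in the order both formats put them after the "FORMAT:version|" prefix.
CEF_HEADER = ("vendor", "product", "product_version", "event_id", "name", "severity")
LEEF_HEADER = ("vendor", "product", "product_version", "event_id")

_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")         # start of a key=value pair
_CEF_ESCAPES = {"n": "\n", "r": "\r"}                         # CEF-defined value escapes
_LEEF_DELIM = re.compile(r"(x[0-9A-Fa-f]{1,2}|[^|=\s])\|")   # optional LEEF 2.0 delimiter field


def _split_header(text: str, count: int) -> Tuple[List[str], str]:
    """Consume `count` pipe-delimited fields, honouring the escapes '\\|' and '\\\\'.
    Returns the fields and whatever follows the last consumed pipe."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(text) and len(fields) < count:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # escaped char: keep it literally
            buf.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < count:
        raise ValueError("truncated header, expected %d fields" % count)
    return fields, text[i:]


def _cef_unescape(value: str) -> str:
    return re.sub(r"\\(.)", lambda m: _CEF_ESCAPES.get(m.group(1), m.group(1)), value)


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """CEF values may contain spaces, so each value runs up to the start of the next key."""
    keys = list(_CEF_KEY.finditer(ext))
    fields: Dict[str, str] = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _cef_unescape(ext[m.end():end].strip())
    return fields


def parse_cef(line: str) -> Dict[str, object]:
    body = line[line.index("CEF:") + 4:]            # drop any syslog prefix
    version, rest = body.split("|", 1)
    header, ext = _split_header(rest, len(CEF_HEADER))
    event: Dict[str, object] = {"format": "CEF", "format_version": version}
    event.update(zip(CEF_HEADER, header))
    event["fields"] = _parse_cef_extension(ext)
    return event


def parse_leef(line: str) -> Dict[str, object]:
    body = line[line.index("LEEF:") + 5:]
    version, rest = body.split("|", 1)
    header, attrs = _split_header(rest, len(LEEF_HEADER))
    delim = "\t"                                     # LEEF 1.0, and the 2.0 default
    m = _LEEF_DELIM.match(attrs) if version.startswith("2") else None
    if m:                                            # explicit delimiter, literal or hex ("x09")
        token = m.group(1)
        delim = chr(int(token[1:], 16)) if token.startswith("x") else token
        attrs = attrs[m.end():]
    fields: Dict[str, str] = {}
    for pair in attrs.split(delim):
        if pair:
            key, _, value = pair.partition("=")
            fields[key.strip()] = value
    event: Dict[str, object] = {"format": "LEEF", "format_version": version,
                                "name": None, "severity": None}   # LEEF has no such header fields
    event.update(zip(LEEF_HEADER, header))
    event["fields"] = fields
    return event


def parse_event(line: str) -> Dict[str, object]:
    """Dispatch on the format marker; raise on anything else rather than guess."""
    if "CEF:" in line:
        return parse_cef(line)
    if "LEEF:" in line:
        return parse_leef(line)
    raise ValueError("neither CEF nor LEEF: %r" % line[:40])


# Constructed sample lines (not real device output); note the escaped '=' and '|' in CEF.
CEF_SAMPLE = (
    r"<14>Jan 11 10:23:01 fw01 CEF:0|ExampleVendor|ExampleFW|6.0.1|100|policy deny|5|"
    r"src=10.1.2.3 dst=203.0.113.9 spt=51234 dpt=25 proto=TCP act=deny "
    r"msg=direct SMTP to external host\=blocked cs1Label=policy cs1=egress\|smtp"
)
LEEF_SAMPLE = (
    "LEEF:2.0|ExampleVendor|ExampleAgent|3.1|1102|^|"
    "src=10.1.2.250^usrName=backup-svc^cat=Security log cleared^sev=9"
)

if __name__ == "__main__":
    for sample in (CEF_SAMPLE, LEEF_SAMPLE):
        ev = parse_event(sample)
        print(ev["format"], ev["vendor"], ev["event_id"], ev["fields"])
```

The two details that most often break home-grown parsers are both exercised by the sample: a CEF value containing an escaped "=" (which a naive split on "=" would cut in half) and a LEEF 2.0 line that declares "^" as its attribute delimiter instead of the default tab. The unified dict keeps the source-specific attributes under `fields` and lifts only the header into common names, so the same alert rule can match on `event_id` regardless of which format the device speaks.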

Contact

Distribution: Veracomp s. r. o.
Address: Safarikova 201/17, 120 00 Praha 2, Czech Republic
E-mail: logmanager@veracomp.cz
Web: www.veracomp.cz
Tel.: +420 724 647 785

Development: Sirwisa a. s.
Address: Zubateho 295/5, 150 00 Prague 5, Czech Republic
For visits and delivery: Stefanikova 43a, 150 00 Prague 5, Czech Republic
E-mail: sales@logmanager.cz
Web: www.logmanager.cz
Tel.: +420 257 211 849


Sirwisa

Sirwisa a. s. is a purely Czech software company focusing on the development of software security solutions.

Career

Tired of large corporations? Come and join us as a developer! A relaxed atmosphere and well-being …

E-mail: sales@logmanager.cz

© 2016 Sirwisa a. s. All rights reserved.