-
SIEM — LOGmanager is a lightweight but still powerful Security Information and Event Management solution developed with mind for specific regulations, requirements and conditions in Central and Eastern Europe
-
Logmanagement – System for central management of events and logs from security appliances, operating systems, application software and network devices.
-
Is powered by a brand new type of database with scalable, near real-time search engine and well-arranged graphical presentation for given search queries.
-
Comes with „Windows Event Sender“ for collection and filtering of logs from Windows operating systems.
What LOGmanager solves
Single log and events repository for whole organization or data center
Support for quick resolution of Critical IT incidents
Unique support for collection and filtering of logs from Windows environment
SEM — Security Event Management with complex log parsing.
Unlimited, custom defined alerting
Reporting and analysis of events and Security related incidents
Regulatory and government requirements
References
-
Czech TV – “Just 2 admins spent only 2% of their working hours. Mostly adding or correcting log sources, adding alerts and general use of the system. In comparison with other tools we appreciate simplicity, intuitive control, synoptic graphical interface and no-license product policy. LOGmanager gives us exactly what we need – orientation in Security and Operational events of the computer environment on Czech TV.”
Ing.René Pisinger, Manager of IT Support
-
Prague 3 Municipal District – “We do not need an expensive SIEM solution with amount of complex features. We were looking for central repository of logs with analytic functions and sufficient performance. LOGmanager has adequate price, is easy to work with and has no EPS or device license policy. It exactly fits our needs.“
Tomáš Hilmar, CIO Prague 3, Municipal District of the Capital City of Prague.
-
University of Ostrava – „Through our Firewall runs communication of 20 000 university network users. Such amount of connections is not easy to log and control. We were facing performance issues, licensing for events per second, licensing per devices. LOGmanager has great performance and no licensing on top of it.“
Jiří Kubina, Network Admin, University of Ostrava IT department
-
State Land Office of Czech Republic – „Our organization manages Czech Republic state owned land in billions worth. All communication in our network and all transactions in our applications must be logged for security reasons and maintained in long-term resilient storage. Open-source solutions aren’t exercising well for us and commercial products, we alluded to the performance and license restrictions…“
Ing.Martin Kučera, IT Security
-
The State Agricultural Intervention Fund – „Firstly, we were looking for a tool to store the audit information about transactions from our System for the distribution of subsidies to farmers. Everywhere we face problems with licensing and low performance. We finally deployed LOGmanager not only to store audit information, but also for the management of all logs in our organization. Now we have a simple while still powerful tool for troubleshooting and auditing simultaneously.“
Ing. Zdeněk Niepel, IT department Director
-
University of Economics – „The computer network of our university connecting via LAN and WLAN more than 11,000 devices and 17,500 active students and academics. In such quantities, it is difficult to keep track of events and its relations. LOGmanager gives us an overview of all events in our computer network, including the significant correlations between them.“
Tomáš Skřivan, IT Networking, Department Director
Key features
> Logmanagement with basic correlation features
> Central overview with graphical presentation
> Fast and intuitive search engine
> Unification of the log entries from different sources
> 40 TB of long-term storage space
> Meet typical government requirements for Cyber Security and ISO 27001 for storing audit logs
> Store logs for computer security incident response team and/or juridical agencies
> Store logs for IT operations from all networking and security appliances, servers and computers
> Prevent loss of critical data
> Support confirmation of log collection (if supported by source)
> Support identity of source to prevent event forgery (if supported by source)
> Active/Active cluster support
> No licensing on EPS (event per second) or per source device licensing
Windows Event Sender
Native part of the LOGmanager is „Windows Event Sender“ – client for computers and servers log collection. Client is centrally managed and allows collection of logs from systems running Microsoft Windows. It support filtering of the events and automatic translation of the encoded MS Event ID’s to “human readable” form. Documentation contain unique elaborate, how to correctly define Microsoft Advanced Audit Policies, so Windows collected logs carry desired information.
-
Use Case 1
Protecting digital assets against loss, damage or deliberate modification and deletion
Protection against the common practice of cyber attackers – Covering tracks. For each successful penetration into the system, the attacker deletes or modifies all logs and thus evidence of compromise of the system. Forwarding logs in real time to a central repository mean you can be always sure having unmodified data. Thanks to trusted data you can find, if your system had been compromised and how the attacker penetrated the system. Without determining which way the attacker penetrated into the system, it is not possible to secure the system against repeated attacks and provide valuable information for forensic analysis.
-
Use Case 2
Compliance with regulations
Organization due to its action requires a central management system, analysis and reporting outputs from security devices, operating systems and applications. „…and You know it.“
-
Use Case 3
Monitoring of security – network security
> Monitoring and correlation outputs from devices for network security such as firewalls, IDS / IPS systems, wireless networking, remote access, proxy and so on.
> VPN stats, VPN configuration, user activity, connection activity.
> Stats and reports for Web Content Filtering. -
Use Case 4
Monitoring of firewall load and control of FW rules efficiency
> Which rules hits the most.
> Which rules are not efficient.
> Where are the gaps in FW configuration – audit of existing rule-sets.
> Identification of the flows and creation of new policy proposals. -
Use Case 5
Config change management
Who, when and with what result carried out, or attempted to carry out, configuration changes to devices.
-
Use Case 6
Information related to the verification of network Network Login 802.1x
> Operational analysis support for the deployment of the network access authentication.
> Audit logs of successful and failed logins.
> Simplified diagnostics for Guest access management. -
Use Case 7
Violation of security policies and rules
> Communication trough unauthorized SMTP servers.
> Monitoring of P2P networks usage.
> Single pane for monitoring users access to unauthorized Web sites/services.
> Suspicious activity with opening too many connections (SSH, Web, SMTP, …).
> Access control outside proxy (servers, apps, people).
> Adherence of communication policy between network segments.
> Attempts to access beyond the authorized services and/or protocols. -
Use Case 8
Control bandwidth utilization – most active users
> Which users and what applications are the biggest consumers of Internet bandwidth and WAN connections.
> Developments / trends in the use of bandwidth.
> Unusual operations associated with the use of internet connection – trace the possible source of ingress or an internal user is attempting to lead the company’s data over the Internet connection.
> Identification of the cover channels. -
Use Case 9
Collection system and operational logs, seamless log management
> From computers and servers.
> From the databases for the purpose of finding errors in databases, database access, configuration changes.
> Monitoring anomalies. -
Use Case 10
SIEM Functions
> Event correlation (over time, by IP addresses, etc.).
> Correlation of limit values exceedance.
> Statistical correlations.
> Correlation of security event.
> Correlation of vulnerability.
> Connection/flow correlation.
> GeoLocation visibility. -
Use Case 11
Business applications and databases
> Logging access to company sensitive data.
> Records retention changes.
> Event correlation for applications and security systems.
LOGmanager Features
> Unlimited amount of log/event sources. No licensing at all.
> Syslog Output, REST API.
> Complex documentation with solved cases examples.
> Direct technical support from vendor.
> Easy to deploy active/active clustering.
Forwarder for LOGmanager
> System for remote log-event collection and multi-tenancy support.
> Available as a small physical appliance or as a virtual appliance for VMware.
> Automated setup of IPSec, easy to implement with QoS, great performance.
Big LOGmanager
> Continuous intake of up to 6,000 events per second.
> The base storage for 40TB of logs for easy scaling of performance and storage capacity.
> External disk array RAID 6 for advanced protection against disk failure.
Small LOGmanager
> Continuous intake of up to 2,000 events per second.
> The base storage for 12TB of logs for easy scaling of performance and storage capacity.
> External disk array RAID 5 for standard protection against disk failure.
Supported devices
Networking > Cisco, HP, Huawei, Aruba, Dell, H3C, Extereme Networks, Brocade SAN, Mikrotik
Firewalls > Fortinet, Juniper, Checkpoint, Kernum, Cisco ASA, Dell SonicWall, H3C, Hillstone, Sophos
Windows server and desktop OS > DHCP, Firewall, IIS, Sharepoint
Linux servers > Apache httpd, Tomcat, Nginx
VMWare ESX, Vcenter, FlowMon
WiFi > FortiNet, Aruba, HP, Cisco, H3C, Trapeze/Juniper, UBNT, Dell
Antivirus software > AVAST, AVG, ESET, Kaspersky, Microsoft Defender
Directory services > MS ActiveDirectory, Novell eDirectory
Databases > SAP, Oracle, MS SQL, MySQL
Systems for advanced control of 802.1X > Addnet, GAMA
User define sources and any source device supporting JSON, CEF and LEEF format
LOGmanager @ Media
So far only in Czech language, sorry…
> Nasazení LOGmanager v České televizi
> Křišťálová koule – článek v CW 06/2016
> Rozhovor v ComputerWold 07/2016
> Rozhovor v SecurityWorld 06/2016
> Proč začít logmanagementem, a ne hned se SIEM?
> Aby logy přestaly být noční můrou
> Státní pozemkový úřad implementoval systém pro logmanagement a analýzu logů LOGmanager.
Resources to download
Contact
Distribution: Veracomp s. r. o.
Address: Safarikova 201/17, 120 00 Praha 2, Czech Republic
E-mail: logmanager@veracomp.cz
Web: www.veracomp.cz
Tel.: +420 724 647 785
Development: Sirwisa a. s.
Address: Zubateho 295/5, 150 00 Prague 5, Czech Republic
For visits and delivery: Stefanikova 43a, 150 00 Prague 5, Czech Republic
E-mail: sales@logmanager.cz
Web: www.logmanager.cz
Tel.: +420 257 211 849
Sirwisa
Career
Tired of large corporations? Come & join us to develop! Relax and well-being …
