Security Information and Event Management (SIEM)
SIEM (Security Information and Event Management) based on IBM QRadar technology aggregates event data produced by security devices, network infrastructure, systems and applications. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data is correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time security monitoring, historical analysis and other support for incident investigation and compliance reporting.
SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
- Provides near real-time visibility
  - Helps detect inappropriate use of applications, insider fraud, and advanced low and slow threats that can be lost among millions of events.
  - Collects logs and events from several resources including security devices, operating systems, applications, databases, and identity and access management products.
  - Collects network flow data, including Layer 7 (application-layer) data, from switches and routers.
  - Obtains information from identity and access management products and infrastructure services such as Dynamic Host Configuration Protocol (DHCP); and receives vulnerability information from network and application vulnerability scanners.
- Reduces and prioritizes alerts
  - Performs immediate event normalization and correlation with other data for threat detection and compliance reporting and auditing.
  - Reduces billions of events and flows into a handful of actionable offenses and prioritizes them according to their business impact.
  - Performs activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network.
- Enables more effective threat management
  - Tracks significant incidents and threats, providing links to all supporting data and context for easier investigation.
  - Performs event and flow data searches in near real-time streaming mode or on a historical basis to enhance investigation.
  - Deep insight and visibility into applications (such as enterprise resource management), databases, collaboration products and social media through Layer 7 network flow collection.
  - Helps detect off-hours or unusual use of an application or cloud-based service, or network activity patterns that are inconsistent with historical usage patterns.
  - Performs federated searches throughout large, geographically distributed environments.
- Delivers security intelligence in cloud environments
  - Provides SoftLayer cloud installation capability.
  - Collects events and flows from applications running both in the cloud and on premise.
- Produces detailed data access and user activity reports
  - Tracks all access to customer data by username and IP address to ensure enforcement of data-privacy policies.
  - Includes an intuitive reporting engine that does not require advanced database and report-writing skills.
  - Provides the transparency, accountability and measurability to meet regulatory mandates and compliance reporting.
- Offers multi-tenancy and a master console
  - Allows Managed Service Providers to cost-effectively deliver security intelligence using a single console that supports multiple customers.
  - Leverages either on-premise or cloud-based deployments
The Challenges With Legacy Vulnerability Management Programs
- Protecting from advanced malware and identifying malicious communications in real-time cannot be done through static reports
- Remediation of vulnerabilities is delayed and ineffective due to lack of visibility and proper context
- Compliance audits are not enough or are inaccurate
- Technologies such as mobile, virtual and cloud cannot be adequately secured by periodic scanning alone
- A list of vulnerabilities without context guarantees that critical assets will not be patched in time
- Manually correlating risk across point security products is costly
- 100% asset discovery ensures all assets that connect to your network are identified, classified, and evaluated for vulnerabilities
- Non-intrusive vulnerability assessment between scans ensures minimal impact to assets
- Real-time continuous monitoring provides instant identification of vulnerabilities – without waiting for the next scheduled scan
- Attack paths analysis provides prioritization based on severity of vulnerability, exploitability of the vulnerability, and accessibility from outside attackers.
- Malware detection identifies active connections to botnets and compromised hosts communicating with malicious sites.
- Advanced threats detection identifies rapidly changing malware that anti-virus software may miss and identifies new threats that may not be publicly known.
- Integration with patch management systems validates detected vulnerabilities against patching to identify accurate remediation and detect conflicts.
- Context from Network Infrastructure, Patch Management Systems, MDM Systems, and Configuration Management Systems for accurate assessment of vulnerabilities
- Detection of mobile devices to identify, classify, and capture vulnerabilities
- MDM integration ensures that vulnerability management accounts for mobile devices
Targeted attacks and advanced threats are customized to infiltrate your unique IT infrastructure, evade conventional defenses, and remain hidden while stealing your corporate data.
The advanced malware and evasive techniques used in these attacks are typically invisible to standard security solutions. Only virtual analysis, also known as sandboxing, can reliably detect and analyze this malware by executing and observing suspicious files in a secure, isolated environment.
By integrating sandboxing analysis into your standard security products you can enhance their protection value and create a unified defense against targeted attacks.
Incident handling platform
Robust response to the day-to-day events that security teams must contend with is a growing challenge shared by organizations of all sizes, across all industries, globally. And responding well in the face of a cyber-crisis is harder as the stakes have gotten higher and the actors more sophisticated.
Our Incident Response Platform features Dynamic Playbooks, which automatically adapt to real-time incident conditions to ensure a fast and complete response for the entire organization and for all incident types (from malware to DDoS to lost devices). This agile, intelligent, and sophisticated response capability ensures organizations can meet the complex attacks of today and tomorrow.
IR teams can manage and collaborate on their response directly within the platform. Unlike ticketing systems and other general-purpose IT tools, our IRP is secure, fully configurable, and purpose-built for incident response. Comprehensive analysis, customizable dashboards, and robust reporting features ensure senior leadership can access key information when they need it.
Financial fraud is a serious risk with damaging consequences if not properly addressed. Year on year this risk becomes more complex, with organized gangs of criminals using increasingly sophisticated techniques to compromise financial transactions and steal money. These attacks consist of multiple stages. Some of these stages, such as malware infections and social engineering scams, take place on the client side and some, such as fraudulent transactions and unauthorized withdrawal of funds, on the service side, e.g. within an organization’s infrastructure.
Advanced cyber threats targeting global and national financial institutions are growing in frequency and sophistication. Regulatory and market pressures, regardless of geographic region, further strain banks’ ability to dedicate the necessary time and resources to properly defend against malicious malware and advanced fraud threats.
Until recently it was almost impossible to fully address these risks. The tools to protect customers utilizing online financial services were just not available. Standard banking measures (such as multifactor authentication) or anti-malware solutions are not enough because they do not protect all types of actions which are performed by a user of online financial services. And when it comes to financial transactions, it is of paramount importance to protect each stage of the mobile and online banking journey.
Fastwave solutions is based on technologies from leading Fraud Management vendors with integration with other key solutions like database encryption and multi-factor authentication.
Database security solutions
- Prevents leaks from databases, data warehouses and Big Data environments such as Hadoop, ensures the integrity of information and automates compliance controls across heterogeneous environments
- It protects structured and unstructured data in databases, big data environments and file systems against threats and ensures compliance
- Prevent data leaks from databases and files, helping to ensure the integrity of information in the data center and automating compliance controls.
- It provides a scalable platform that enables continuous monitoring of structured and unstructured data traffic as well as enforcement of policies for sensitive data access enterprise-wide.
- A secure, centralized audit repository combined with an integrated workflow automation platform streamlines compliance validation activities across a wide variety of mandates.
- It leverages integration with IT management and other security management solutions to provide comprehensive data protection across the enterprise.
- They are intended to enable continuous monitoring of heterogeneous database and document-sharing infrastructures, as well as enforcement of your policies for sensitive data access across the enterprise, utilizing a scalable platform. A centralized audit repository designed to maximize security, combined with an integrated compliance workflow automation application, enables the products to streamline compliance validation activities across a wide variety of mandates.
Our products can help you
- Automatically locate databases and discover and classify sensitive information within them;
- Automatically assess database vulnerabilities and configuration flaws;
- Ensure that configurations are locked down after recommended changes are implemented;
- Enable high visibility at a granular level into database transactions that involve sensitive data;
- Track activities of end users who access data indirectly through enterprise applications;
- Monitor and enforce a wide range of policies, including sensitive data access, database change control, and privileged user actions;
- Create a single, secure centralized audit repository for large numbers of heterogeneous systems and databases; and
- Automate the entire compliance auditing process, including creating and distributing reports as well as capturing comments and signatures.
Multi Factor Authentication
Today’s enterprise is falling victim to unrelenting attacks that target physical and logical infrastructures, mobile platforms, user identities, network devices and more. To help defend against malicious assaults on corporate data and identities, organizations must look to an intelligent platform approach that provides proven security technology, which helps simplify management efforts, enables seamless technology advances and ensures the company’s security measures can evolve as requirements of the organization change over time.
- Serves as a single management platform to secure mobile, cloud, physical and logical access
- Offers the widest range of authentication methods from a single software platform, including smartcards and mobile solutions
- Protects leading applications like Core banking, Internet banking, Oracle, SAP, IPsec and SSL VPNs, Microsoft® Windows® desktops and enterprise Web applications like Microsoft® Outlook® Web Access
- Offers the widest range of authenticators on the market and all from a single, cost-effective software platform. And the addition of smartcards, mobile smart credentials, biometrics and digital certificates extends the platform’s versatility, scalability and cost-effectiveness.
- The solution’s authentication capabilities include IP-geolocation, device, questions and answers, out-of-band one-time passcode with transaction details for verification (delivered via voice, SMS, email or mobile), grid and eGrid cards, biometrics, digital certificates (in software or on smartcards/USB tokens), mobile smart credentials and a range of one-time passcode tokens
- Open API architecture allows for tight integration with today’s leading mobile device management (MDM), identity access management (IAM) and public key infrastructure (PKI) vendors. This enables the solution to work with new and existing enterprise implementations, plus adds the ability to integrate in-house or managed service-based digital certificates
- Provides proven protection against man-in-the-browser attacks
- Cost-effective for large deployments in consumer, enterprise or business-banking environments
- Built on decades of experience in securing identities for the world’s largest banks and governments