Introduction (Description)

UserGate SIEM (SIEM) is a solution based on the UserGate Log Analyzer (LogAn) product that implements functions of a SIEM (Security Information and Event Management) and an IRP (Incident Response Platform) system.

A SIEM system manages security information and information security events. SIEM collects and stores data from various sources (sensors), such as UserGate Next-Generation Firewalls, UserGate endpoint control and monitoring systems, SNMP sensors, and WMI sensors. The processing result is presented in a unified interface, which makes it easier to study the unique patterns of security incidents. Based on the received data, SIEM applies analytics rules in real time to aggregate and correlate repeating events, producing cybersecurity incidents as a result. Incident response rules provide a way to automatically determine how to respond to information security incidents.

Cybersecurity incidents are investigated with an IRP system that is part of SIEM. An IRP system is a platform for managing the processes of responding to information security incidents. SIEM allows you to customize the incident investigation process to the needs of a specific company.

SIEM is available as a hardware and software system (HSC, appliance) or as a virtual machine image (virtual appliance) designed to be deployed in a virtual environment.