Qrapp SIEM

Services
Qrapp SIEM

Qrapp's SIEM Solution

Overview

Qrap SIEM is a SIEM platform enhanced with self-diagnostics and self-optimization features. Based on IBM QRadar® SIEM system, Qrapp SIEM is enhanced with an automated monitoring tool that allows security administrators to continuously sustain the SIEM system operability.

Problem

Security Information and Event Management (SIEM) System provides real-time visibility of the entire IT infrastructure. Yet, in the long run, it starts to pose performance challenges:

Inefficient EPS license capacity utilization.

Low log data quality and performance.

Security events omission.

Misfiring rules.

Heavy rules and reports.

As a result:

Vulnerable perimeter, costly administration and low ROI.

Purpose

24/7 Real-time APT, fraud and insider threat detection.

Key Functions

Log data collecting and storing.

Qrapp SIEM collects and stores large volumes of log data from all network devices, business applications, OS databases.

Event normalization and categorization.

Qrapp SIEM parses raw input events from disparate sources, stores and presents them in a readable format. Applies identical categories for events with the same meaning: for instance, Windows User Logon and Linux User Logon have the same category.

Compliance and reporting.

Qrapp SIEM generates a comprehensive report to comply with major security standards, such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) and more. Provides the ability to create a custom reports.

Event & flow analysis and correlation.

Qrapp SIEM processes numerous events and flows and determines relations between them in real-time mode or analyzes events and flows already stored.

Risk management.

On the basis of collected data from firewalls, routers, switchers IPSs, vulnerability feeds and third-party security sources Qrapp SIEM is able to monitor its configurations, prioritize security risks and vulnerabilities in your network.

Network traffic analysis.

Qrapp SIEM helps to sense, detect and respond to activities throughout your network to identify malicious traffic packets and evaluate network utilization.

Vulnerability management.

Qrapp SIEM intelligence promptly discovers, analyzes and reports about vulnerabilities in your network helping to prioritize remediation activities.

SIEM health and performance monitoring and analysis.

Qrapp SIEM provides all-round visibility into statistical, performance and behavioral parameters of the system itself at any given moment.

Data quality analysis and fine-tuning assistance.

Qrapp SIEM helps to improve log data quality and minimize risks of missing log data despite high loads of the system. In addition, the solution enables quick and well-timed fine-tuning by in-house security specialists.

Unique Features

Over 50 performance and behavioral metrics, 25 health markers

Provide on-the-fly performance assessment and configuration fine-tuning. Get an accurate portrait of the system with insights into such important aspects as:

Critical modification to log sources.

Presence of uncategorized or unknown events.

Excessive time of correlation rule execution.

Slow response of correlation rules.

Detected auto-update errors.