CYLOG SIEM is a log management and alerting (SIEM) product that lets you centrally collect the logs created by laptops, desktops, servers (Windows, Unix, Linux, etc.), network devices, application servers, firewalls, and any other system within your organization, and receive real-time alerts derived from those logs.
CYLOG SIEM includes all the functions of a SIEM product, and it can also be deployed alongside an existing SIEM in your organization to increase its effectiveness.
Why CYLOG SIEM?
Easier Compliance with Security Audits: It helps you meet the control requirements of ISO 27001, PCI DSS, SOX, COBIT, and similar security standards and procedures.
Proactive Intervention: Security breaches do not happen all of a sudden. By analyzing the events that precede a breach, such situations can be detected in advance. For example, an employee who is about to leave the company may back up their files, compress them, and copy them to the cloud or a USB storage device. With CYLOG SIEM, you can detect such activity early.
Fast Response in Criminal Investigations: Being able to respond quickly when a prosecutor's office or another authority requests evidence because an event on your corporate computers is connected to an ongoing forensic investigation is important for protecting your corporate reputation.
Protection of Your Commercial Value: It allows you to detect when sensitive information (patient records, personal data of your personnel, customer documents and records, and commercially important information and documents) is shared with other organizations and persons, and to develop the methods needed to take proactive measures against such events.
Customizable Dashboards: CYLOG SIEM is provided with numerous ready-made dashboards, but it is possible for users to prepare their own dashboards and share them within the organization.
How Is CYLOG SIEM Different?
Detection of off-record events: With its micro agent, CYLOG SIEM detects not only the events reported by the operating system but also events that can lead to a security breach and that the operating system does not log at all: for example, files copied to USB devices and system administrators' access to user computers. The CYLOG SIEM Agent monitors and records these and similar events.
It is installed and ready to use in a short time: CYLOG SIEM installation is completed in only a few hours. Agents are deployed silently to user and server systems via Active Directory or a software deployment tool used for this purpose, so you start collecting information the next day.
You get fast results with the built-in alert rules: CYLOG SIEM Server has been used in many organizations and companies since 2005. Improvements drawn from these deployments are built into the product and ship with every CYLOG SIEM installation. Thanks to this cycle, you immediately benefit from up-to-date threat rules, alerts, and reports.
Easy integration with systems in your server park: With CYLOG SIEM Server, you can also collect the logs of other products in your data center. CYLOG SIEM lets you easily monitor the events that occur on your Linux operating systems, network devices, databases, and application servers.
Corporate software and hardware inventory: With the detailed software and hardware inventory collected by CYLOG SIEM agents, you can obtain information about all the software and hardware within your organization and plan your hardware and software updates based on this information.
· Notifying the system administration through various methods (SMS, email, application execution, images) when a critical event occurs,
· Ability to build a correlation between different events,
· Proactively notifying you of failures (e.g., disk failures) that may occur in your user computers.
Examples of events detected by operating system event logs:
· Detecting whether service accounts that should never be used interactively are being used for other purposes,
· Successful/failed login attempts on any server,
· Actions taken on user accounts (password reset, user creation, user deletion, etc.),
· Actions taken on group accounts (new group creation, group membership changes, etc.),
· Events occurring on file servers (file deletion, change, creation, etc.),
· Users' session activity (login, logout, locking, activation/deactivation of the screen saver),
· Tracking of changes made in Active Directory (Group Policy, OU, etc.),
· Tracking of printer activities,
· Tracking of new application installations.
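Two of the items above (service accounts used interactively, and successful/failed logins on a server) are easy to show as concrete detection logic. The block below is an added example and not CYLOG's code: it runs two SIEM-style rules over a handful of constructed Windows Security events. The event IDs (4624 logon success, 4625 logon failure) and LogonType values (2 interactive, 10 RemoteInteractive/RDP, 11 cached interactive, 5 service) are the real Windows values; the event records, host names, IP addresses and the SERVICE_ACCOUNTS set are assumptions made up for the demo.

```python
"""Added example (not CYLOG's code): two SIEM-style detection rules over
constructed Windows Security events. Event IDs and LogonType values follow
the real Windows Security log; the sample records themselves are made up."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, shaped like normalized Windows Security records.
SAMPLE_EVENTS = [
    # svc_backup logging on as a service on APP01: expected, not an alert
    {"time": "2024-03-01T08:00:01", "host": "APP01", "id": 4624, "user": "svc_backup", "logon_type": 5, "src_ip": "-"},
    # svc_backup used for an RDP session to a workstation: rule 1 should fire
    {"time": "2024-03-01T08:05:10", "host": "WS-117", "id": 4624, "user": "svc_backup", "logon_type": 10, "src_ip": "10.1.5.23"},
    # five failures from one source within two minutes, then a success: rule 2 should fire
    {"time": "2024-03-01T09:00:00", "host": "DC01", "id": 4625, "user": "j.doe", "logon_type": 3, "src_ip": "10.1.9.77"},
    {"time": "2024-03-01T09:00:07", "host": "DC01", "id": 4625, "user": "j.doe", "logon_type": 3, "src_ip": "10.1.9.77"},
    {"time": "2024-03-01T09:00:15", "host": "DC01", "id": 4625, "user": "j.doe", "logon_type": 3, "src_ip": "10.1.9.77"},
    {"time": "2024-03-01T09:00:22", "host": "DC01", "id": 4625, "user": "j.doe", "logon_type": 3, "src_ip": "10.1.9.77"},
    {"time": "2024-03-01T09:00:30", "host": "DC01", "id": 4625, "user": "j.doe", "logon_type": 3, "src_ip": "10.1.9.77"},
    {"time": "2024-03-01T09:01:02", "host": "DC01", "id": 4624, "user": "j.doe", "logon_type": 3, "src_ip": "10.1.9.77"},
    # a single typo followed by a successful logon: below threshold, no alert
    {"time": "2024-03-01T09:30:00", "host": "WS-042", "id": 4625, "user": "a.smith", "logon_type": 2, "src_ip": "10.1.3.8"},
    {"time": "2024-03-01T09:30:20", "host": "WS-042", "id": 4624, "user": "a.smith", "logon_type": 2, "src_ip": "10.1.3.8"},
]

# Assumption: the organization's known service accounts (would come from AD or a CMDB).
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql"}
# Windows LogonType values that mean a human is at a console or RDP session.
INTERACTIVE_LOGON_TYPES = {2, 10, 11}


def parse_time(value):
    return datetime.fromisoformat(value)


def service_account_interactive(events):
    """Rule 1: a service account performing an interactive or RDP logon
    (event 4624 with LogonType 2, 10 or 11). Service-type logons (5) are ignored."""
    return [
        e for e in events
        if e["id"] == 4624
        and e["user"] in SERVICE_ACCOUNTS
        and e["logon_type"] in INTERACTIVE_LOGON_TYPES
    ]


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Rule 2 (correlation across events): at least `threshold` 4625 failures from
    one source IP inside `window`, followed by a 4624 success from the same source.
    A sliding window per source IP is kept so a single failure never fires."""
    failures = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda ev: parse_time(ev["time"])):
        t = parse_time(e["time"])
        queue = failures[e["src_ip"]]
        while queue and t - queue[0] > window:   # drop failures outside the window
            queue.popleft()
        if e["id"] == 4625:
            queue.append(t)
        elif e["id"] == 4624 and len(queue) >= threshold:
            alerts.append({"src_ip": e["src_ip"], "user": e["user"], "host": e["host"],
                           "failures": len(queue), "time": e["time"]})
            queue.clear()   # one alert per burst
    return alerts


if __name__ == "__main__":
    for hit in service_account_interactive(SAMPLE_EVENTS):
        print("SERVICE ACCOUNT INTERACTIVE LOGON:", hit)
    for alert in brute_force_then_success(SAMPLE_EVENTS):
        print("BRUTE FORCE FOLLOWED BY SUCCESS:", alert)
```

In a real deployment the same two functions would run over a stream from the collector rather than a list, and the threshold and window would be tuned per environment; the sliding window per source IP is what turns a pile of independent 4625 records into the single correlated alert the text refers to.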
Examples of events that can be monitored by collectors:
· Logs of sent/received emails,
· Access logs of firewalls and active network devices,
· Collection of access and operational logs of critical applications (SAP, SQL Server, Oracle, Exchange Server, etc.),
· Collection of Web/FTP/SMTP and other Internet service server logs.
The sources supported by the Collector Framework are listed below:
    · EventLog,
    · Text-file-based logs (W3C, IIS, LOG, CSV, TXT, TSV, etc.),
    · Syslog (UDP and TCP),
    · OPSEC LEA (Check Point),
    · Database (MSSQL, Oracle, MySQL, ODBC and others),
    · Product-specific systems (a custom log collection method for the product in question).
Examples of events that can be detected by agents:
· Tracking of unannounced access to machines by system administrators,
· Usage of hacking tools (Wireshark, Cain & Abel, Nessus, etc.),
· Detection of hardware keylogger devices,
· Detection of network sniffing/monitoring activity,
· Tracking of directories shared on the network,
· Identification of the machines generating the most network traffic,
· Attacks against user computers (password cracking, etc.),
· Identification of advanced password-cracking/bypass tools (Kon-Boot, ERD Commander, etc.),
· Detection of any device attached to user computers,
· Attacks that users have carried out or could carry out,
· Tracking of USB storage devices and logging of their activities (copying, deletion, etc.),
· Transfer of the screen image to another environment via PrintScreen or any other application,
· Hardware and software inventory of computers (which computers have application X installed, etc.),
· Tracking and prevention of malicious applications that can be run on computers (password crackers, keyloggers, etc.),
· Detection of events such as the installation, removal, deactivation, or activation of plugins in Microsoft Office applications,
· Tracking of registry keys and values,
· Tracking of changes made to the hosts file.
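The last item, tracking changes to the hosts file, is worth showing concretely, because a hosts-file entry is a classic way to silently redirect a login page or to sinkhole a security product's update server. The block below is an added example and not CYLOG's agent code: it compares a baseline copy of the hosts file against the current copy, reports every added, removed or changed mapping, and escalates severity when a watched domain no longer resolves to loopback. Both file contents, the domain names, the addresses and the WATCHED_DOMAINS set are constructed for the demo; on a real endpoint you would read C:\Windows\System32\drivers\etc\hosts or /etc/hosts.

```python
"""Added example (not CYLOG's code): hosts-file tampering detection, the kind of
check an endpoint agent's file-tracking rule performs. All inputs are constructed."""
import hashlib
import ipaddress

# Constructed baseline captured when the agent was installed.
BASELINE_HOSTS = """# constructed baseline hosts file
127.0.0.1 localhost
::1 localhost
10.0.0.5 intranet.example.local
"""

# Constructed current copy: two entries have been appended by an attacker.
CURRENT_HOSTS = """# constructed tampered hosts file
127.0.0.1 localhost
::1 localhost
10.0.0.5 intranet.example.local
198.51.100.20 login.microsoftonline.com
0.0.0.0 av-updates.example.com
"""

# Assumption: domains the organization never wants redirected on an endpoint.
WATCHED_DOMAINS = {"login.microsoftonline.com", "av-updates.example.com"}


def sha256_hex(text):
    """Cheap first pass: if the whole file hash is unchanged there is nothing to diff."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_hosts(text):
    """Return {hostname: ip} for every valid mapping line; comments and blank lines
    are skipped, and a later line for the same name overrides an earlier one."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed line; a stricter agent would report it too
        for name in parts[1:]:
            mapping[name.lower()] = str(ip)
    return mapping


def hosts_changes(baseline_text, current_text):
    """Return a list of findings describing every mapping that differs between the
    two copies. Severity is 'high' when a watched domain now points anywhere but
    loopback (an attacker host, or 0.0.0.0 / :: used as a blackhole)."""
    if sha256_hex(baseline_text) == sha256_hex(current_text):
        return []
    before, after = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "changed"
        severity = "info"
        if new is not None and name in WATCHED_DOMAINS \
                and not ipaddress.ip_address(new).is_loopback:
            severity = "high"
        findings.append({"host": name, "change": change, "old": old, "new": new,
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in hosts_changes(BASELINE_HOSTS, CURRENT_HOSTS):
        print(finding)
```

The hash comparison keeps the check cheap enough to run on every file-write notification; the per-name diff is only computed when the hash differs, and it is the diff, not the hash, that lets the alert say which domain was redirected and where.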
Events detected by CYLOG SIEM APP TRACKER:
· Tracking of application usage and operating time,
· Tracking of Internet (HTTP/HTTPS) connections that bypass the corporate firewall (e.g., via a mobile phone hotspot or a non-corporate wireless access point),
· Tracking of periods of inactivity on a computer.
CYLOG SIEM also works in an integrated way with CYLOG APP TRACKER, CYLOG DATA SKOPE, and CYLOG SCREEN RECORDER to enable management on a single interface.