RandomStorm releases next-generation Log Analysis Platform
June 12, 2013
Leeds, 11th June 2013: network vulnerability management and compliance vendor RandomStorm has released StormAgent, its new integrated log analysis, host-based intrusion detection system (HIDS) and file integrity platform.
StormAgent automates protective monitoring of network hosts, reducing the time needed to sift through millions of log entries to identify potential threats from hours to minutes.
This latest release of StormAgent represents a step-change in log analysis capability. At the core of the system, RandomStorm’s Instance, Event, Alert (IEA) algorithm identifies, classifies and stores alerts into IP- and time-based Events that are associated with Instances of matched rules [1]. Capable of processing up to twenty-eight million log entries per day, StormAgent categorises and stores recurring security alerts into manageable and meaningful groups associated with specific hosts across the network, over a ninety-day time window.
StormAgent’s graphical and menu-driven management dashboard enables users to quickly drill down into each Instance, based on five thousand pre-defined rules, to view the correlated alerts and access vital information such as the source IP address and the timeline of the event, to help users to assess the severity of security risks.
Together with its alert management functionality, StormAgent provides an enterprise-class HIDS and file integrity management tool that can be configured to monitor critical hosts, identify imminent threats and pinpoint any changes to confidential files in real time, an essential compliance requirement under the Payment Card Industry Data Security Standard (PCI DSS) and other guidelines [2].
To encourage rapid remediation of the most critical network security issues, StormAgent includes task management and escalation capability: creating tickets and allocating tasks to specific users to ensure that the warning signs of an imminent threat are first of all identified and then dealt with, before a breach occurs.
Built for SME and enterprise networks, StormAgent is highly scalable and can support diverse, multi-platform networks including Linux™, Apple Macintosh®, Microsoft Windows® and IBM iSeries (AS/400) environments. Incorporating a sophisticated asset management tool, StormAgent can be configured to monitor and report on individual or grouped hosts to aid close monitoring of business-critical applications and resources.
Commenting on the new log analysis platform Andrew Mason, co-founder and Technical Director of RandomStorm said, “The security status of networks and data storage devices needs to be continuously monitored to protect intellectual property and sensitive customer data. Anomalous activity, such as repeated failed logins, attacks on unused ports, or abnormally high levels of network traffic and bandwidth consumption, can raise the alarm that an attack is in progress. However, with billions of alerts being logged each year, important indicators can get overlooked. StormAgent provides system managers with a powerful tool that filters out the most vital information and most importantly, makes it understandable, so that staff can act swiftly to thwart an attack.”
Note to editors:
[1] Terminology of the IEA algorithm:
- An “Instance” is an occurrence of a matched security rule.
- An “Alert” is created following an Instance, such as a password failure.
- Recurring Alerts generated by an individual IP address within a configurable time window are classified as one Event.
- Repeat Alerts occurring outside that time window are classified as a separate Event within the same Instance.
[2] Payment Card Industry Data Security Standard Version 2.0, pages 55-57, “Regularly Monitor and Test Networks”: 10.2.3 “Verify access to all audit trails is logged”; 10.2.4 “Verify invalid logical access attempts are logged”; 10.3.6 “Verify identity or name of affected data, system component, or resource is included in log entries”; 10.5.5 “Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).” Page 62, 11.4: “Use intrusion-detection systems, and/or intrusion-prevention systems to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points inside of the cardholder data environment, and alert personnel to suspected compromises” and “Keep all intrusion-detection and prevention engines, baselines, and signatures up-to-date”. https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf, page 55.
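The Instance/Event/Alert grouping described in note [1] is easy to misread, so the following is an added illustration of that scheme in Python. It is not StormAgent code and makes no claim about how the product implements IEA: the rule set (two hypothetical regexes named ssh_auth_failure and ssh_invalid_user), the syslog-style sample lines and the choice to measure the time window from the last alert in an open Event (an inactivity timeout) are all assumptions made here for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical rules: name -> regex with an "ip" group. The page does not
# describe StormAgent's rule language; these are stand-ins for illustration.
RULES = {
    "ssh_auth_failure": re.compile(r"Failed password for .* from (?P<ip>[\d.]+)"),
    "ssh_invalid_user": re.compile(r"sshd\[\d+\]: Invalid user \S+ from (?P<ip>[\d.]+)"),
}

# Constructed sample log lines (not real captures). TEST-NET addresses only.
SAMPLE_LOGS = [
    "2013-06-11T09:00:01Z host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "2013-06-11T09:00:03Z host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
    "2013-06-11T09:00:05Z host1 sshd[2210]: Accepted password for bob from 192.0.2.10 port 40011 ssh2",
    "2013-06-11T09:00:07Z host1 sshd[2214]: Failed password for root from 198.51.100.7 port 60000 ssh2",
    "2013-06-11T09:00:09Z host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "2013-06-11T09:00:12Z host1 sshd[2220]: Invalid user oracle from 198.51.100.7",
    "2013-06-11T09:20:00Z host1 sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 51300 ssh2",
]


@dataclass
class Alert:            # one matched log line
    ts: datetime
    ip: str
    line: str


@dataclass
class Event:            # recurring alerts from one IP inside the time window
    ip: str
    alerts: list = field(default_factory=list)

    @property
    def first(self) -> datetime:
        return self.alerts[0].ts

    @property
    def last(self) -> datetime:
        return self.alerts[-1].ts


@dataclass
class Instance:         # all Events produced by one matched rule
    rule: str
    events: list = field(default_factory=list)


def parse(line: str):
    """Split an ISO-8601-prefixed line into (timestamp, message)."""
    ts_str, _, msg = line.partition(" ")
    return datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), msg


def correlate(lines, window: timedelta = timedelta(minutes=5)) -> dict:
    """Group matched lines into Instance -> Event -> Alert.

    Assumption: an Event stays open while successive alerts from the same IP
    arrive within `window` of the previous one; a longer gap opens a new
    Event under the same Instance. Lines matching no rule produce no Alert.
    """
    instances: dict[str, Instance] = {}
    open_events: dict[tuple, Event] = {}        # (rule, ip) -> current Event
    for line in sorted(lines, key=lambda l: parse(l)[0]):   # process in time order
        ts, msg = parse(line)
        for rule, rx in RULES.items():
            m = rx.search(msg)
            if not m:
                continue
            alert = Alert(ts, m.group("ip"), line)
            inst = instances.setdefault(rule, Instance(rule))
            key = (rule, alert.ip)
            ev = open_events.get(key)
            if ev is None or ts - ev.last > window:
                ev = Event(alert.ip)
                inst.events.append(ev)
                open_events[key] = ev
            ev.alerts.append(alert)
    return instances


def summarise(instances: dict) -> list:
    """Flatten to (rule, ip, alert_count, first_seen, last_seen) rows, the
    kind of drill-down a dashboard would show per Instance."""
    rows = []
    for inst in instances.values():
        for ev in inst.events:
            rows.append((inst.rule, ev.ip, len(ev.alerts),
                         ev.first.isoformat(), ev.last.isoformat()))
    return rows


if __name__ == "__main__":
    for row in summarise(correlate(SAMPLE_LOGS)):
        print("%-18s %-14s %2d alerts  %s .. %s" % row)
```

With the constructed input, the five-minute window folds the 203.0.113.5 failures at 09:00:01, 09:00:03 and 09:00:09 into one Event of three Alerts, while the failure at 09:20:00 from the same address opens a second Event under the same ssh_auth_failure Instance; the single failure from 198.51.100.7 is its own Event, the "Invalid user" line lands under a different Instance, and the successful login never becomes an Alert at all.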
RandomStorm is a UK-based network security, vulnerability management and compliance company, focused on providing enterprise-level, proactive security management tools and services. RandomStorm’s experienced and certified security experts offer customers a wide range of integrated, world-class security vulnerability assessment and professional security services. Covering initial consultancy and gap analysis through to network and application testing, as well as managing clients’ business compliance accreditation processes, RandomStorm aims to work with organisations to ensure that their security investment is fully optimised on a 24/7/365 basis.
RandomStorm’s core products are supported by a range of complementary monitoring, alerting and remediation tools and services developed under the RandomStorm Open Source Initiative.
RandomStorm is a CESG CHECK security consultancy as well as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the Payment Card Industry Data Security Standard (PCI DSS). Please visit http://www.randomstorm.com for further information.