RuSIEM is a product company with an international presence. Our main product is a system for monitoring and managing information security events, based on symptoms and real-time data analysis, for large and medium-sized companies. The mission of RuSIEM is to meet the basic information security needs of even small and medium-sized companies with proper efficiency and a moderate cost of ownership.
The cost of our product depends on specific conditions and project requirements. To determine the most appropriate functionality for a specific project and calculate its cost, it is recommended to contact our specialists.
  • 2014: start of product development
  • 570+: partners worldwide
  • > 50M: EPS on commercial installations
  • 10 000+: RvSIEM version installations
SIEM (Security Information and Event Management)
SIEM can show the most complete picture of network activity and information security events. When conventional detection tools cannot see an attack on their own, SIEM can analyze and correlate data from different sources. This makes SIEM an additional and very important element of protection against targeted attacks.
Main SIEM capabilities
  • Improved detection of unauthorized actions
  • Ability to receive alerts based on predefined settings
  • Reports and logging that simplify audits
  • Data views at different levels of detail

Where you can use SIEM
  • Anywhere you can use information from the event log
  • Access audit, access control to critical resources, site visitor count assessment, malware detection, physical access control, sales assessment, consumer interests, false positive rate reduction, financial performance audit, network activity analysis, automated device (conveyor belt) control

RuSIEM ecosystem
  • RuSIEM: commercial SIEM-class version
  • RuSIEM Monitoring: module for information systems, nodes and applications monitoring
  • RuSIEM IoC: module of compromise indicators
  • RuSIEM Analytics: module for the commercial version, supplemented with DL
RuSIEM key functions
There is no need to remember the event text and event.id. Symptoms help to quickly find an event among millions of others. Operator-friendly symptom names can be used when searching for events, reports and correlations in all sections of the product.
Real-time correlation enables rapid detection of threats and anomalies. A flexible, easy-to-use graphical correlation rule designer enables the creation of any custom rules without coding knowledge.
Incident management ensures interaction between teams and personnel for prompt resolution of problems and incidents. Limiting the scope of incidents maintains confidentiality by restricting access to individual incidents. Within an incident, you can assign tasks. Incident management is built in accordance with the ITIL standard.
The solution stores both normalized and raw events for a long storage interval. Flexible event search allows you to search for events over any storage interval and to perform exact, regular-expression and partial searches. Grouping, counting of quantitative data, calculation of averages and various visualization options will satisfy any needs.
The graphical designer allows you to customize any report format: change the location of data in the report, the logo and fonts, and add and place graphic data. Running reports on a schedule and sending them by e-mail to selected recipients allows you to always stay informed about what is happening.
The source data and collection and storage systems allow for the identification of anomalies and threats without the need to create correlation rules for each case.
Vulnerability management ensures vulnerability detection and timely notification. Vulnerability detection is based on network traffic and events. Integration with Snort ensures availability of data on open ports, services used and operating systems.
Authentication tracking allows you to create custom rules for any system and track user login parameters. If a user logs in from a different IP address or browser, an incident is created. In addition to the IP address and user agent, any other criteria can be specified.
Competitive advantages
1. Saving of original RAW events
2. No-code
3. Normalization reduced to the general object format
4. Real-time and historical correlation
5. No quantity limits of events and sources
6. No quantity limits of events and sources
7. High performance (up to 90,000 events per one node)
8. Easy vertical and horizontal scalability
9. Connectors from the developer
We help you from the beginning of pilot testing to full implementation
The solution is quick to set up, easy to customize, adaptable to your daily needs
Easy to use
Free education for our partners and customers
Any data from any source can be used. We help with connecting non-standard sources
The product has all the necessary certificates of conformity