The Postech Compliance SIEM maps the security controls required by standards such as PCI DSS, HIPAA, GDPR, CNBV and others onto the events it collects. The solution aggregates and analyzes data from multiple systems and maps each security alert to the compliance requirements it evidences.
Compliance SIEM monitors your infrastructure and detects threats, intrusion attempts, system anomalies, misconfigured applications and unauthorized user actions. It also provides a framework for incident response and regulatory compliance.
The lightweight agent performs a number of tasks to detect threats and, when necessary, trigger automatic responses. Its main capabilities are:
- Collection of data from logs and events
- Monitoring the integrity of files and registry keys (file integrity monitoring)
- Inventory of running processes and installed applications
- Monitoring of open ports and network configuration
- Detection of rootkits or malware artifacts
- Security configuration assessment and policy monitoring
- Execution of active responses
The agents run on many different platforms, including Windows, Linux, Mac OS X, AIX, Solaris, and HP-UX. They can be configured and managed from the server.
The Postech SIEM server analyzes the data received from agents, processes events through decoders and rules, and uses threat intelligence to search for known IOCs (Indicators of Compromise). A single Postech SIEM server can analyze data from hundreds or thousands of agents and can scale out when configured in cluster mode.
The server also manages the agents, configuring and updating them remotely when necessary. In addition, the server can send commands to agents, for example to trigger a response when a threat is detected.
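The following is an added example (not the product's own code or rule format) that models the server-side pipeline described above and the alert-to-compliance mapping from the opening paragraph: raw log lines are parsed by decoders, matched against rules, enriched with a threat-intelligence IOC lookup, and tagged with the compliance controls each rule maps to. The decoder patterns, rule IDs, control mappings, IOC values and sample log lines are all constructed for this illustration.

```python
"""Illustrative decoder -> rule -> IOC -> compliance-tag pipeline.

Added example; not the Postech Compliance SIEM's own code or rule syntax.
Everything below (field names, rule IDs, control mappings, IOCs, logs) is constructed.
"""
import re
from dataclasses import dataclass, field

# --- Decoders: turn raw log lines into structured events (constructed patterns) ---
DECODERS = [
    ("sshd", re.compile(
        r"sshd\[\d+\]: (?P<status>Failed|Accepted) password for (?:invalid user )?"
        r"(?P<user>\S+) from (?P<srcip>\d+\.\d+\.\d+\.\d+)")),
    ("syscheck", re.compile(
        r"syscheck: file (?P<path>\S+) (?P<action>modified|added|deleted) "
        r"sha256=(?P<sha256>[0-9a-f]{64})")),
]

def decode(line):
    """Return (decoder_name, fields) for the first matching decoder, else None."""
    for name, pattern in DECODERS:
        m = pattern.search(line)
        if m:
            return name, m.groupdict()
    return None

# --- Rules: match decoded events and carry their compliance mapping (illustrative) ---
@dataclass
class Rule:
    id: int
    decoder: str
    level: int
    description: str
    match: dict                                      # field -> required value
    compliance: dict = field(default_factory=dict)   # framework -> list of controls

RULES = [
    Rule(1001, "sshd", 5, "SSH authentication failure", {"status": "Failed"},
         {"pci_dss": ["10.2.4", "10.2.5"], "gdpr": ["IV_35.7.d"]}),
    Rule(1002, "sshd", 3, "SSH login success", {"status": "Accepted"},
         {"pci_dss": ["10.2.5"]}),
    Rule(2001, "syscheck", 7, "Integrity checksum changed", {"action": "modified"},
         {"pci_dss": ["11.5"], "hipaa": ["164.312.c.1"]}),
]

# Constructed threat-intelligence feed: hashes and IPs treated as known-bad here
IOC_SHA256 = {"a" * 64}
IOC_IPS = {"198.51.100.23"}

def evaluate(line):
    """Run one log line through decoders, rules and IOC lookup; return an alert or None."""
    decoded = decode(line)
    if decoded is None:
        return None
    decoder, fields = decoded
    for rule in RULES:
        if rule.decoder != decoder:
            continue
        if all(fields.get(k) == v for k, v in rule.match.items()):
            alert = {
                "rule_id": rule.id,
                "level": rule.level,
                "description": rule.description,
                "compliance": rule.compliance,
                "data": fields,
                "ioc_match": False,
            }
            # Threat-intel enrichment: escalate on a known-bad hash or source IP
            if fields.get("sha256") in IOC_SHA256 or fields.get("srcip") in IOC_IPS:
                alert["ioc_match"] = True
                alert["level"] = max(alert["level"], 12)
            return alert
    return None

def compliance_summary(lines):
    """Count alerts per framework control, as a compliance dashboard would aggregate them."""
    summary = {}
    for line in lines:
        alert = evaluate(line)
        if alert is None:
            continue
        for framework, controls in alert["compliance"].items():
            for control in controls:
                summary.setdefault(framework, {}).setdefault(control, 0)
                summary[framework][control] += 1
    return summary

SAMPLE_LOGS = [  # constructed log lines
    "Mar  3 10:01:12 web01 sshd[2314]: Failed password for invalid user admin from 198.51.100.23 port 5022 ssh2",
    "Mar  3 10:01:40 web01 sshd[2320]: Accepted password for deploy from 203.0.113.8 port 5100 ssh2",
    "Mar  3 10:02:05 web01 syscheck: file /etc/passwd modified sha256=" + "a" * 64,
    "Mar  3 10:02:09 web01 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOGS:
        print(evaluate(entry))
    print(compliance_summary(SAMPLE_LOGS))
```

The point to notice is that the compliance tags live on the rule, not on the event: once a rule fires, the alert inherits every control the rule is mapped to, and the dashboard view is just a count over those tags. The cron line produces no alert because no decoder claims it, which is the usual reason a control shows no evidence in a compliance dashboard: the log source was never decoded, not that nothing happened.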
Alerts generated by the SIEM server are forwarded to the Elastic Stack, where they are indexed and stored. The integration between the SIEM and Kibana (the Elastic Stack's visualization component) provides a user interface for data visualization and analysis, which can also be used to manage and monitor agent status and configuration.
The SIEM for Compliance web user interface includes out-of-the-box dashboards for compliance frameworks (e.g. PCI DSS, GDPR, CIS, NIST 800-53), vulnerable application detection, file integrity monitoring, configuration assessment, security events, cloud infrastructure monitoring and others.