SIEM & Log Management

Accelerate your threat detection and compliance with a full SIEM and built-in essential security capabilities.

See how Integrated Threat Response (ITR) makes SIEM and log management easy.

A Complete SIEM, Fully Managed

Single-purpose SIEM software or log management tools provide valuable information, but often require expensive integration efforts to bring in log files from disparate sources such as asset management, vulnerability assessment, and IDS products. With the AnchorPoint ITR service, SIEM is integrated with other essential security tools for complete security visibility that simplifies and accelerates threat detection, incident response, and compliance management.

Fully Integrated SIEM Capabilities on Day 1

Drastically simplify SIEM deployment and gain valuable insight into your environment with a totally integrated solution that includes all the essential security capabilities you need, managed by a team of security experts working together to provide the most complete view of your security posture.

- SIEM / event correlation
- Asset discovery and inventory
- Vulnerability assessment
- Intrusion detection
- NetFlow monitoring
- Actionable, relevant threat intelligence aggregated from multiple sources and vetted by the AnchorPoint SOC
- Integrated global real-time reports of emerging threats and vetted actors from leading threat feeds, including the open source community, which enables collaborative defense with actionable, community-powered threat intelligence
- 2,000+ Correlation Directives: AnchorPoint provides over 2,000 pre-defined correlation directives, so you don’t have to spend hours creating yours from scratch
- Always Vigilant: Continuous updates from our partners include new correlation directives, threat signatures, remediation guidance, and more.

Day One Results

You get actionable threat information in hours, not days.

More Than Just SIEM – It’s a Full Security Suite, Totally Integrated!

Traditional SIEM solutions promise to provide what you need – but the path to get there is one most of us can’t afford. Traditional SIEM solutions integrate and analyze the data produced by other security technologies that are already deployed, but unfortunately most mid-market organizations don’t have those other technologies deployed yet!

AnchorPoint Integrated Threat Response (ITR) provides a different path. In addition to all the functionality of a traditional SIEM, AnchorPoint ITR also integrates all the essential security capabilities into a single deployment with no additional configuration charges. AnchorPoint’s ability to provide a 5:1 return on your security investment makes ITR the perfect fit for mid-market enterprises and organizations with limited budget and few in-house resources.

Features                                    AnchorPoint ITR   Traditional SIEM
Management:
  Log Management                            Yes               Yes
  Event Management                          Yes               Yes
  Event Correlation                         Yes               Yes
  Reporting                                 Yes               Yes
  Trouble Ticketing                         Included          $$
Security Monitoring Technologies:
  Asset Discovery                           Included          $$
  Network IDS                               Included          $$
  Host IDS                                  Included          $$
  Netflow                                   Included          $$
  Full Packet Capture                       Included          $$
  File Integrity Monitoring                 Included          $$
  Vulnerability Assessment                  Included          $$
Additional Capabilities:
  Continuous Threat Intelligence            Included          Not Available
  Integrated security dashboard, personal e-mail reporting,
  personal text alerts                      Included          Not Available

$$ = point solution that requires custom integration, separate management, and training.

Centralized Threat Alerts

Prioritize with Kill Chain Taxonomy

The promise of SIEM software is particularly powerful—collecting data from disparate technologies, normalizing it, centralizing alerts, and correlating events to tell you exactly what to focus on. Unfortunately, achieving and maintaining the promise of SIEM is time-consuming, costly, and complex.

AnchorPoint ITR integrates all the security capabilities you need plus a centralized alarm dashboard, e-mail alerts, and text alerts that utilize the Kill Chain Taxonomy to focus your attention on the most important threats. It breaks attacks out into five threat categories that help you understand attack intent and threat severity, based on how they’re interacting with your network.

- System Compromise – Behavior indicating a compromised system.
- Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or a backdoor/RAT being installed on a system.
- Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
- Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
- Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Reduced Noise

We correlate IDS data with multiple security tools to reduce false positives and increase the accuracy of alarms.

Complete Threat Evidence

We give you visibility into attack type, number of events, duration, source and destination IP addresses, and more.

Automatic Notifications

We set up email notifications and implement phone messaging services such as SMS.

Workflow Management

We create tickets from any alarm, delegate to users, or integrate with an external ticketing system.

AnchorPoint will Drill Down and Analyze Consolidated Threat Details For You

Our SOC Analysts accelerate your response work by analyzing related threat details and handing you actionable information. We’ll show you the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.

Here are some of the event details you’ll see with AnchorPoint ITR:

- Normalized event
- SIEM information
- Reputation of source and destination IP addresses
- Knowledge base about the event
- Payload of the packet triggering the event

Search SIEM Events

We can search events stored in the database, filter for more granular data, and sort by event name, IP address and more.

Inspect Packet Captures

We use integrated packet capture functionality to capture interesting traffic for offline analysis.

Check Assets and Vulnerabilities

AnchorPoint SOC Analysts will identify whether an attack is relevant by correlating reported vulnerabilities with malicious traffic.

Examine Raw Logs

AnchorPoint SOC Analysts routinely search for any raw logs that are related to activity reported by an alarm. Raw logs are digitally signed for evidentiary purposes. We can also filter by time range and search pattern and export raw logs as a text file.

Threat Intelligence Updates

Researching threats and maintaining your SIEM software, IDS, and vulnerability assessment tools for the latest threat detection isn’t trivial. Let us do the heavy lifting for you.

The AnchorPoint Security Operations Center (SOC) is constantly updated with the latest threat intelligence, so you can focus on detecting and responding to the most critical issues in your network.

Our team relies on experience and an advanced global threat intelligence system, including the world’s largest crowd-sourced repository of threat data to provide global insight into attack trends and bad actors.

AnchorPoint’s SOC keeps your tools updated with eight coordinated rulesets:

- Network IDS signatures
- Host-based IDS signatures
- Asset discovery signatures
- Vulnerability assessment signatures
- Correlation rules
- Reporting modules
- Dynamic incident response templates
- Newly supported data source plug-ins