Empower your organization to proactively defend against cyber threats with SeerSIEM

Our comprehensive Security Information and Event Management (SIEM) solution provides real-time visibility into your network, empowering you to detect, investigate, and respond to security incidents swiftly and effectively.

By centralizing log data from diverse sources, SeerSIEM enables you to analyze security events, identify anomalies, and detect advanced threats. With advanced analytics and machine learning capabilities, our solution automatically prioritizes critical alerts, reducing alert fatigue and enabling rapid response.

SIEM Processes

Product Architecture
Scalable and extensible architecture
  1. Distributed agent deployment
  2. Deployment of diverse analytical sensors in subsidiary organizations
  3. Hierarchical deployment architecture
  4. Scalable to handle hundreds of thousands of events per second
Data Collection
  1. Data Collection from Diverse Sources
  2. Contextual Data Normalization
  3. Customizable for a wide range of devices and systems
  4. Comprehensive coverage for hundreds of devices and services by default
Automated Response
  1. Automated command execution via API
  2. Supports Telnet and SSH protocols
  3. User-defined scripts for automation
  4. Full flexibility in defining command execution conditions
  5. Unified solution for multiple threat vectors
Intelligent threat detection
  1. Machine learning-based behavioral analytics
  2. Scenario-Based Attack Analysis
  3. Intelligent Event Classification
  4. Capability to Implement Custom Use Cases
Efficient data retention
  1. Powerful search capabilities
  2. Diverse data visualization options
  3. Fully customizable reports
  4. Minimal storage consumption with long-term retention
Knowledge base
  1. Continuous knowledge base updates
  2. Integrated knowledge management for all modules
  3. Comprehensive coverage of diverse security scenarios and policies
  4. Full customization of data sources, rules, and policies
Security Operations Center (SOC) Services
  1. 24/7 Support
  2. Continuous updates and enhancements
  3. Managed security services
  4. Design and implementation of SOC solutions and processes
  5. Consultation for Evaluating and Improving SOC Metrics

Specifications

NIDS – Network Intrusion Detection System
Features

Throughput: Up to 10 GbE (Gigabit Ethernet)

Concurrent sessions: Up to 5 million concurrent sessions without packet loss

Behavioral anomaly detection: Detects new and unknown attacks using learning-based anomaly detection.

Comprehensive attack coverage: 

  1. More than 18,000 predefined attack signatures, updated continuously.
  2. Covers attack categories such as scanning, gaining access, data manipulation, propagation, malware activity and denial of service.

GUI: Web based graphical user interface.

NTA – Network Traffic Flow Analysis
Features

Automatic detection of application-layer protocols: 

  1. Application-layer detection of more than 170 protocols, regardless of the port in use.
  2. Port-independent detection is required because the assumption that port = application no longer holds.
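The following script is an added illustration of the point above and is not SeerSIEM code: it labels each flow twice, once from the destination port and once from the first payload bytes, and flags the flows a port-based monitor would mislabel. The small set of payload fingerprints (SSH banner, TLS handshake record, HTTP request line) is an assumption made for the example, and the sample flows are constructed.

```python
"""Port-independent application-layer protocol identification (added example,
not SeerSIEM code). The fingerprints and the sample flows are assumptions
constructed for illustration."""

# The conventional port -> protocol mapping, i.e. the port = application assumption.
PORT_TABLE = {22: "ssh", 80: "http", 443: "tls", 993: "tls", 8080: "http"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def identify_by_port(dst_port: int) -> str:
    """Label a flow purely from its destination port."""
    return PORT_TABLE.get(dst_port, "unknown")


def identify_by_payload(payload: bytes) -> str:
    """Label a flow from the first bytes the client sends, ignoring the port."""
    # SSH: the client opens with a plaintext version banner.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS: record type 0x16 (handshake), major version 0x03, handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # HTTP/1.x: a method token followed by a request-target and version.
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:200]:
        return "http"
    return "unknown"


def classify_flows(flows: list[dict]) -> list[dict]:
    """Return one record per flow with both labels and a mismatch flag."""
    out = []
    for f in flows:
        by_port = identify_by_port(f["dst_port"])
        by_payload = identify_by_payload(f["payload"])
        out.append({
            "src": f["src"], "dst": f["dst"], "dst_port": f["dst_port"],
            "by_port": by_port, "by_payload": by_payload,
            "mismatch": by_port != by_payload,
        })
    return out


# Constructed sample flows: two use the expected port, two hide a protocol on another port.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dst_port": 443,
     "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},                       # SSH tunnelled over 443
    {"src": "10.0.0.5", "dst": "10.0.0.10", "dst_port": 8080,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"},
    {"src": "10.0.0.6", "dst": "10.0.0.11", "dst_port": 993,
     "payload": b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x00" * 32},
    {"src": "10.0.0.7", "dst": "10.0.0.12", "dst_port": 80,
     "payload": b"\x16\x03\x01\x00\x50\x01\x00\x00\x4c\x03\x03"},  # TLS on the HTTP port
]

if __name__ == "__main__":
    for r in classify_flows(SAMPLE_FLOWS):
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{r['src']} -> {r['dst']}:{r['dst_port']} port={r['by_port']} payload={r['by_payload']} {flag}")
```

A real sensor needs far more fingerprints and must handle protocols whose first bytes are sent by the server, but the structure is the same: the label comes from the content, and the port is only a hint to be checked against it.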

Network traffic monitoring: Charts of packet rate, flow rate and volume usage over various time periods, per application-layer protocol, can be defined and added to dashboards.

NetFlow support: Receives and processes NetFlow records.

Traffic flow analysis: Analyzes flow information and extracts new evidence of attacks.

Throughput: Up to 10 GbE (Gigabit Ethernet).

Zero-day attack detection: 

  1. Addresses the blind spot of signature-based sensors.
  2. Most such attacks leave an effect on network traffic flows.
  3. Analyzing these effects as evidence of malicious activity helps detect zero-day attacks.

SIEM – Specifications

1. Log Collector

Features

Supporting various sensors: The organization's own applications can be added as new log sources.

Throughput: Processes up to 20,000 events per second on one appliance and scales to higher rates.

Supported sensors: An unlimited number of sensors is supported.

Event filters: Arbitrary log filters can be defined according to the organization's security policies.

Compression rate: Logs are compressed at a 10:1 ratio.

Secure transmission: Connections between modules provide confidentiality and integrity of the transferred data.

Reliable transmission: Received logs are cached temporarily so that no data is lost during a network disconnection.

2. Log Management and Archive

Features

Events per second: Receives and stores up to 50,000 EPS.

Long retention period:

  1. Depends on the available storage volume.
  2. Logs can be retained for three, six or 12 months.

Data encryption: Stored archive data is encrypted to prevent unauthorized access.

Message Exchange Format: IDMEF and IODEF formats are supported.

Real-time data retrieval: Search and real-time retrieval of archived data by various parameters.

External storage: Supports long-term archiving on external storage such as SAN and NAS.

3. Correlation and Response Engine

Features

Real-time analysis: An attack is reported immediately once the symptoms that make up its pattern have been observed.

Multistage correlation: 

  1. Correlates the stages of slow, complex attacks.
  2. Reveals the attacker's final goal.

Cross-device correlation: Logs of network services and devices are analyzed and correlated with alerts from security applications and devices.

False positive elimination: Detects and discards false positive alerts when the corresponding vulnerability does not exist on the attack target.

Efficient engine: The correlation engine does not miss attacks while reducing the volume of reported events by a very high percentage.
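The script below is an added example, not SeerSIEM's engine, showing how the three features above fit together: it normalizes constructed log lines from a firewall, a network IDS and a host, tracks a scan, exploit, login chain per source/target pair (multistage, cross-device correlation), and drops IDS alerts whose signature does not match a weakness recorded for the target (false positive elimination). The log format, the signature IDs SIG-1001 and SIG-1002, the asset inventory and the thresholds are all assumptions made for the example.

```python
"""Multistage, cross-device correlation with vulnerability-aware false-positive
suppression (added example, not SeerSIEM code). Log format, signature IDs,
inventory and thresholds are assumptions; the log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed logs from a firewall (fw01), a network IDS (ids01) and a host (10.0.0.20).
RAW_LOGS = [
    "2024-05-01T10:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.20 dport=22",
    "2024-05-01T10:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.20 dport=23",
    "2024-05-01T10:00:02 fw01 DENY src=203.0.113.7 dst=10.0.0.20 dport=80",
    "2024-05-01T10:00:02 fw01 DENY src=203.0.113.7 dst=10.0.0.20 dport=443",
    "2024-05-01T10:00:03 fw01 DENY src=203.0.113.7 dst=10.0.0.20 dport=445",
    "2024-05-01T10:03:10 ids01 ALERT sig=SIG-1001 src=203.0.113.7 dst=10.0.0.20",
    "2024-05-01T10:04:00 10.0.0.20 LOGIN_OK user=svc_backup src=203.0.113.7",
    # Same kind of alert against a host that lacks the weakness: a false positive.
    "2024-05-01T11:00:00 ids01 ALERT sig=SIG-1002 src=198.51.100.9 dst=10.0.0.21",
    # A scan with no follow-up: kept as a pending chain, never reported as an incident.
    "2024-05-01T12:00:00 fw01 DENY src=192.0.2.4 dst=10.0.0.22 dport=21",
    "2024-05-01T12:00:00 fw01 DENY src=192.0.2.4 dst=10.0.0.22 dport=22",
    "2024-05-01T12:00:01 fw01 DENY src=192.0.2.4 dst=10.0.0.22 dport=25",
    "2024-05-01T12:00:01 fw01 DENY src=192.0.2.4 dst=10.0.0.22 dport=80",
    "2024-05-01T12:00:02 fw01 DENY src=192.0.2.4 dst=10.0.0.22 dport=443",
]

# Assumed asset inventory: IDS signatures that match a weakness actually present on each host.
INVENTORY = {"10.0.0.20": {"SIG-1001"}, "10.0.0.21": set(), "10.0.0.22": set()}

KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Normalize one raw line into a flat event: timestamp, device, kind, key=value fields."""
    ts, device, kind, rest = line.split(" ", 3)
    ev = {"ts": datetime.fromisoformat(ts).timestamp(), "device": device, "kind": kind}
    ev.update(KV.findall(rest))
    ev.setdefault("dst", device)  # host logs name no dst; the reporting host is the target
    return ev


class Correlator:
    """Tracks a scan (1) -> exploit (2) -> login (3) chain per (src, dst) pair."""

    def __init__(self, inventory, scan_ports=5, scan_window=60, chain_window=900):
        self.inventory, self.scan_ports = inventory, scan_ports
        self.scan_window, self.chain_window = scan_window, chain_window
        self.ports = defaultdict(list)  # (src, dst) -> [(ts, dport), ...] inside scan_window
        self.chains = {}                # (src, dst) -> {"stage", "ts", "evidence"}
        self.incidents, self.suppressed, self.events_seen = [], [], 0

    def feed(self, ev: dict) -> None:
        self.events_seen += 1
        key = (ev["src"], ev["dst"])
        handler = {"DENY": self._scan, "ALERT": self._exploit, "LOGIN_OK": self._login}.get(ev["kind"])
        if handler:
            handler(key, ev)

    def _advance(self, key, ev, stage, note):
        """Attach evidence to the pair's chain, starting a fresh one if the old one is stale."""
        chain = self.chains.get(key)
        if chain is None or ev["ts"] - chain["ts"] > self.chain_window:
            chain = {"stage": 0, "ts": ev["ts"], "evidence": []}
        chain["stage"], chain["ts"] = max(chain["stage"], stage), ev["ts"]
        chain["evidence"].append(note)
        self.chains[key] = chain

    def _scan(self, key, ev):
        recent = [(t, p) for t, p in self.ports[key] if ev["ts"] - t <= self.scan_window]
        seen = {p for _, p in recent}
        recent.append((ev["ts"], ev["dport"]))
        self.ports[key] = recent
        if ev["dport"] not in seen and len(seen) + 1 == self.scan_ports:  # fire once at threshold
            self._advance(key, ev, 1, f"{ev['device']}: scan of {self.scan_ports} ports")

    def _exploit(self, key, ev):
        if ev["sig"] not in self.inventory.get(ev["dst"], set()):
            self.suppressed.append(ev)  # target is not vulnerable to this signature: false positive
            return
        self._advance(key, ev, 2, f"{ev['device']}: {ev['sig']} against a vulnerable target")

    def _login(self, key, ev):
        chain = self.chains.get(key)
        if chain and chain["stage"] >= 2 and ev["ts"] - chain["ts"] <= self.chain_window:
            chain["evidence"].append(f"{ev['device']}: login as {ev['user']} from the attacking source")
            self.incidents.append({"src": key[0], "dst": key[1], "evidence": chain["evidence"]})
            del self.chains[key]


def run(lines, inventory) -> Correlator:
    c = Correlator(inventory)
    for line in lines:
        c.feed(parse(line))
    return c


if __name__ == "__main__":
    c = run(RAW_LOGS, INVENTORY)
    print(f"{c.events_seen} events -> {len(c.incidents)} incident(s), {len(c.suppressed)} alert(s) suppressed")
    for inc in c.incidents:
        print(inc["src"], "->", inc["dst"])
        for step in inc["evidence"]:
            print("  ", step)
```

Thirteen raw events collapse to one incident whose evidence lists the scan, the confirmed exploit and the resulting login in order, which is the reduction the "efficient engine" item describes; the unvulnerable-target alert is held in `suppressed` rather than deleted, so an analyst can still audit what was dropped.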

Predefined correlation rules:

  1. Predefined rules can be customized.
  2. Special-purpose correlation rules can be defined.

Behavioral anomaly analysis: Detects abnormal events by statistical analysis of logs.

Supported rules: The number of supported rules is unlimited.

Event per second throughput: 

  1. Up to 5,000 EPS per appliance.
  2. Higher throughput by replicating appliances.

Visual attack graph:

  1. Displays the attack as a graph.
  2. Provides a visual understanding of the incident.

Integrated knowledge base:

  1. Uses the central knowledge management engine to create and update knowledge.
  2. Covers the organization's security policies and priorities, vulnerabilities, etc.

Incident handling process:

  1. Implements a standards-based incident handling process.
  2. This feature is not present in common SIEM products.

Interaction with human teams: Supports interaction with CERT, NOC and forensics teams.

Incident handling guidelines: 

  1. Proposes guidelines for responding to incidents.
  2. SOC analysts can modify or add response guidelines.
  3. This feature is not present in common SIEM products.

Resources

Explore our detailed product brochure for in-depth insights and features.

Download Now