iSIEM (PLD Intelligent Security Information and Event Management)
Product Overview

Verizon's 2021 Data Breach Investigations Report analyzed 5,358 data breaches reported by 83 contributing organizations worldwide. With 85% of data breaches involving a human factor, human negligence remains the biggest threat to security. Mitigating information damage and information leakage requires log auditing, yet as network structures and data systems grow more complex, so does the difficulty of information security management and maintenance.

Security managers in particular can no longer manage and analyze massive volumes of security logs effectively by manpower alone. In response to these problems, a log analysis product based on big data technology, the Security Event Big Data Platform (iSIEM), came into being.

Palladium Security Event Big Data Platform (iSIEM) is a new-generation log collection and analysis product built on big data technology and independently developed by Hangzhou Palladium Network Technology Co., Ltd. iSIEM collects massive log data from across the network to provide centralized log management, real-time monitoring, alarm analysis and rapid retrieval. Its rich view reports help administrators keep track of the overall operating state of the whole network and generate compliance reports for regulations and standards such as MLPS (China's Multi-Level Protection Scheme), ISO 27001, SOX and PCI DSS.

iSIEM supports log data generated by every device asset on the network, for example: system logs (Windows, Linux, UNIX, etc.), network devices (routers, switches), applications (Oracle, Apache) and security device logs.

iSIEM takes the actual situation of different customers into account. Relying on the extensibility and scalability of its big data architecture, it can be deployed as a single node to meet the needs of small networks, or in distributed and clustered form to meet the needs of large networks.

Deployment mode

(1) Deep correlation analysis

The system supports multi-level event correlation analysis with no limit on the number of aggregation levels. Filter conditions and aggregation conditions are set independently for each level, and the time window of each level can be defined flexibly so that an attack cannot evade detection by spreading itself across the window. This depth of analysis helps customers filter out valueless alarms and perceive risks in advance.
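The multi-level scheme described above (a per-level filter condition, aggregation condition and time window, with each level's output feeding the next) can be made concrete with a small correlator. The code below is an added illustration, not iSIEM's own code: the `Event`, `Level` and `Correlator` names, the two rule levels and the sample log events are all constructed for this example. Level 1 turns a burst of failed logins from one source into a `brute_force` event; level 2 raises `suspected_compromise` only when that derived event is followed by a successful login from the same source inside its own window, so a slow trickle of failures or an ordinary successful login on its own produces nothing.

```python
"""Multi-level event correlation (constructed example, not iSIEM's code).

Each level has its own filter condition, aggregation key, threshold,
required event kinds and time window. Events a level emits are fed back
into the chain, so later levels build on earlier ones and the depth of
the chain is not fixed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Event:
    ts: int            # epoch seconds
    kind: str          # raw kind ("auth_fail", "auth_ok") or a derived alert kind
    src: str           # source address
    user: str = ""
    detail: str = ""


@dataclass
class Level:
    emits: str                                  # kind of event this level produces
    match: Callable[[Event], bool]              # filter condition for this level
    key: Callable[[Event], str]                 # aggregation condition (group-by)
    threshold: int                              # matches per key needed to fire
    window: int                                 # seconds
    require: FrozenSet[str] = frozenset()       # kinds that must all be in the window
    buckets: Dict[str, Deque[Tuple[int, str]]] = field(
        default_factory=lambda: defaultdict(deque))

    def feed(self, ev: Event) -> Optional[Event]:
        if not self.match(ev):
            return None
        q = self.buckets[self.key(ev)]
        q.append((ev.ts, ev.kind))
        while q and ev.ts - q[0][0] > self.window:   # expire entries outside the window
            q.popleft()
        if len(q) >= self.threshold and self.require <= {k for _, k in q}:
            n = len(q)
            q.clear()                                 # one alert per burst, not per event
            return Event(ev.ts, self.emits, ev.src, ev.user,
                         f"{n} events within {self.window}s")
        return None


class Correlator:
    def __init__(self, levels: List[Level]):
        self.levels = levels

    def process(self, events: List[Event]) -> List[Event]:
        alerts: List[Event] = []
        for ev in sorted(events, key=lambda e: e.ts):
            pending = [ev]
            while pending:                # derived events are re-fed to every level
                cur = pending.pop(0)
                for lvl in self.levels:
                    out = lvl.feed(cur)
                    if out is not None:
                        alerts.append(out)
                        pending.append(out)
        return alerts


def build_levels() -> List[Level]:
    # Level 1: five failed logins from one source within 60 s -> brute_force
    # Level 2: a brute_force event followed by a successful login from the
    #          same source within 300 s -> suspected_compromise
    return [
        Level("brute_force", lambda e: e.kind == "auth_fail",
              lambda e: e.src, threshold=5, window=60),
        Level("suspected_compromise",
              lambda e: e.kind in ("brute_force", "auth_ok"),
              lambda e: e.src, threshold=2, window=300,
              require=frozenset({"brute_force", "auth_ok"})),
    ]


# Constructed sample log events (not real data).
SAMPLE = (
    [Event(100 + 10 * i, "auth_fail", "10.0.0.5", "admin") for i in range(5)]
    + [Event(150, "auth_ok", "10.0.0.5", "admin")]                 # success after the burst
    + [Event(100 + 100 * i, "auth_fail", "10.0.0.9", "bob") for i in range(3)]  # slow, below threshold
    + [Event(105, "auth_ok", "10.0.0.7", "alice")]                  # normal login, no prior burst
)


def run_demo() -> List[str]:
    """Return the kinds of alerts raised, in order, for the sample events."""
    return [a.kind for a in Correlator(build_levels()).process(SAMPLE)]


if __name__ == "__main__":
    for a in Correlator(build_levels()).process(SAMPLE):
        print(a.ts, a.kind, a.src, a.detail)
```

Running the block prints two alerts for 10.0.0.5 (a `brute_force` at 140 s and a `suspected_compromise` at 150 s) and nothing for the other two sources. Adding a third level is just another `Level` entry whose `match` accepts the kinds emitted below it.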

(2) Big data technology realizes high-speed retrieval

Palladium's independently developed high-speed retrieval engine for big data applications returns second-level responses to multi-condition queries over hundreds of millions of records. It provides the iQL search syntax, which queries any combination of fields, keywords, regular expressions, wildcards and logical relationships to locate events quickly.

(3) In-depth analysis of events and alarms

Building on in-depth analysis of security events, threat behaviour is detected across multiple event dimensions, with support for alarm event context analysis and data drill-down.

(4) Centralized management of massive logs

The system automatically collects and stores massive volumes of data, providing centralized collection and unified management of log data across the entire network environment.

(5) Visual log analysis

Statistical analysis of log data drives visual event auditing, report display, and flexible, customizable dashboard monitoring.

(6) Highly scalable

It supports single-node deployment as well as cluster and hierarchical deployment, so resources can be expanded according to customers' actual needs without unnecessary waste.

Customer Benefits

(1) Security management benefits

Multi-level event correlation analysis filters out valueless alarms, tracks and traces attack events, and analyzes the root causes of problems in depth, improving the efficiency of security incident management.

(2) Audit management benefits

Centralized log auditing is implemented on a big data storage and analysis framework, so queries over hundreds of millions of records respond in seconds; the iQL search syntax allows search conditions to be set flexibly; and the compliance needs of third-party audits are met at the same time.

(3) O&M management benefits

Data from all kinds of infrastructure is collected, stored and analyzed; real-time monitoring finds fault bottlenecks promptly and improves troubleshooting efficiency; and centralized large-screen monitoring reduces the workload of managers.

(4) Collaborative management benefits

Assigning different data access rights to different roles and users lets more personnel from different departments take part in security log analysis while keeping permissions under control, which improves the efficiency of communication.
