PRELUDE SIEM | Identify threats in real time

MONITOR THE PERFORMANCE OF YOUR INFORMATION SYSTEM

Introduction

The use of the Internet has become widespread in all organizations. In 2018, the number of Internet users was estimated at more than 4 billion, the number of websites at around 1 billion, and the total turnover of B2C transactions at 2,300 billion dollars. This growing flow of money does not leave cybercriminals indifferent: they are constantly organizing themselves and honing their skills.

Faced with this professionalization of both techniques and methods, it has become essential to strengthen the protection of information systems and to be able to monitor them continuously against increasingly sophisticated cyber threats.

In addition to the sophisticated tools used to attack businesses and public administrations, the attack surface has expanded considerably because of the growth in the volume of data passing through IT infrastructures. Being able to monitor all of this data is a real challenge for cybersecurity. At the same time, the effectiveness of the many protective measures in place (firewalls, anti-virus, anti-spam, detection probes and so on) remains limited if they are not backed by a global monitoring tool that brings their output together.

Prelude SIEM complements the security of information systems by offering a centralized platform for monitoring and controlling your company's security.

Prelude SIEM: From Big Data to Smart Data

Prelude is a SIEM (Security Information and Event Management) whose primary function is to analyze, in real time, large volumes of raw data (raw big data) coming from all of the company's equipment and applications, in order to extract what matters (smart data). To refine this analysis, Prelude SIEM can rely on other available information: internal sources such as asset inventory, patch management and vulnerability data, and external sources such as CTI (Cyber Threat Intelligence) feeds.

Prelude SIEM's objective is not only to alert the operator but also to provide all the information (smart data) needed to react to the threat as quickly as possible. To achieve this, Prelude SIEM relies on the IDMEF standard.

IDMEF: the international standard for intrusion detection

Prelude SIEM has a strong distinguishing feature within the SIEM community: it implements the IDMEF format (RFC 4765: Intrusion Detection Message Exchange Format). This format was published as an Experimental RFC by the IETF (Internet Engineering Task Force), the standardization body in charge of Internet protocols (HTTP, SMTP, LDAP, NTP, etc.). It standardizes the way a security alert is represented and enriches it with the context the operator needs to make quick and effective decisions: the analyzer that raised it, creation time, source and target nodes, services, the classification with its external references, and an assessment of severity and completion. It is among the richest and most structured alert formats available.

Because the IDMEF format is widely used in the open-source security community, Prelude SIEM is natively compatible with the community's main reference security tools, letting you benefit from their capabilities at a reasonable cost.
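To make the two preceding ideas concrete (an IDMEF alert as the common representation, and its enrichment from inventory and CTI into "smart data"), here is an added example in Python. It is not Prelude SIEM's own code: the element and attribute names follow RFC 4765, but the alert XML, the analyzer name, the asset inventory and the threat-intelligence indicator set are all constructed for illustration, and the scoring rule is a hypothetical one chosen to show how context changes the priority of an otherwise medium-severity alert.

```python
"""Parse an RFC 4765 (IDMEF) alert and enrich it into a compact "smart data" record.
Added example, not Prelude SIEM's own code; the alert, the inventory and the CTI set
are constructed for illustration."""
import xml.etree.ElementTree as ET

# XML namespace defined by RFC 4765, section 4.
NS = {"idmef": "http://iana.org/idmef"}

# Constructed sample alert (hypothetical analyzer "example-ids"):
# an SSH brute-force attempt against an internal database server.
SAMPLE_ALERT = """<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
  <Alert messageid="abc123">
    <Analyzer analyzerid="hq-ids-01" name="example-ids" manufacturer="ExampleCo"
              model="probe" version="1.0" class="network"/>
    <CreateTime ntpstamp="0xe72c8d5e.0x00000000">2022-11-23T10:15:42Z</CreateTime>
    <Source spoofed="no">
      <Node><Address category="ipv4-addr"><address>203.0.113.45</address></Address></Node>
    </Source>
    <Target>
      <Node>
        <name>srv-db-01</name>
        <Address category="ipv4-addr"><address>192.0.2.10</address></Address>
      </Node>
      <Service><port>22</port><protocol>tcp</protocol></Service>
    </Target>
    <Classification text="SSH brute-force login attempt">
      <Reference origin="vendor-specific">
        <name>EXAMPLE-SSH-BRUTE</name>
        <url>https://example.invalid/rules/ssh-brute</url>
      </Reference>
    </Classification>
    <Assessment><Impact severity="medium" completion="failed" type="admin"/></Assessment>
  </Alert>
</IDMEF-Message>"""


def _text(elem, path):
    """Stripped text of the first element matching an IDMEF path, or None."""
    found = elem.find(path, NS)
    return found.text.strip() if found is not None and found.text else None


def parse_idmef(xml_text):
    """Flatten the first Alert of an IDMEF-Message into a plain dict (the normalized view)."""
    root = ET.fromstring(xml_text)
    alert = root.find("idmef:Alert", NS)
    if alert is None:
        raise ValueError("no Alert element in IDMEF-Message")
    analyzer = alert.find("idmef:Analyzer", NS)
    classification = alert.find("idmef:Classification", NS)
    impact = alert.find("idmef:Assessment/idmef:Impact", NS)
    return {
        "messageid": alert.get("messageid"),
        "analyzer": analyzer.get("analyzerid") if analyzer is not None else None,
        "time": _text(alert, "idmef:CreateTime"),
        "source": _text(alert, "idmef:Source/idmef:Node/idmef:Address/idmef:address"),
        "target": _text(alert, "idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        "target_name": _text(alert, "idmef:Target/idmef:Node/idmef:name"),
        "port": _text(alert, "idmef:Target/idmef:Service/idmef:port"),
        "classification": classification.get("text") if classification is not None else None,
        "references": [_text(r, "idmef:name")
                       for r in alert.findall("idmef:Classification/idmef:Reference", NS)],
        "severity": impact.get("severity") if impact is not None else None,
        "completion": impact.get("completion") if impact is not None else None,
    }


# Constructed asset inventory (hypothetical): target address -> business context.
INVENTORY = {"192.0.2.10": {"owner": "dba-team", "criticality": "high", "missing_patches": 3}}
# Constructed CTI indicator set (hypothetical): addresses reported as brute-force sources.
CTI_BAD_IPS = {"203.0.113.45"}
# IDMEF Impact severity values, ranked (RFC 4765, section 4.2.6.1).
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}


def enrich(alert, inventory=INVENTORY, cti=CTI_BAD_IPS):
    """Turn a normalized alert into 'smart data': add context and a hypothetical priority."""
    asset = inventory.get(alert["target"], {})
    known_bad = alert["source"] in cti
    score = SEVERITY_RANK.get(alert["severity"], 0)
    score += 1 if known_bad else 0                          # source is a known indicator
    score += 1 if asset.get("criticality") == "high" else 0  # target matters to the business
    score += 1 if asset.get("missing_patches", 0) > 0 else 0  # target is behind on patches
    score += 2 if alert["completion"] == "succeeded" else 0   # the attack actually worked
    priority = "critical" if score >= 6 else "high" if score >= 4 else "normal"
    return {**alert, "asset_owner": asset.get("owner"),
            "asset_criticality": asset.get("criticality"),
            "source_in_cti": known_bad, "score": score, "priority": priority}


if __name__ == "__main__":
    for key, value in enrich(parse_idmef(SAMPLE_ALERT)).items():
        print(f"{key:>18}: {value}")
```

The same parser handles alerts from any IDMEF-speaking sensor, which is the practical benefit of the common format: the enrichment and prioritization logic is written once against the normalized dict rather than once per product. In this constructed case a medium-severity, failed attempt is raised to "high" priority because the source is a known indicator and the target is a critical, unpatched asset.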

Prelude SIEM: A recognized French alternative

The SIEM market is currently dominated by the major American vendors. Alternatives exist, but they are often limited in functionality: many are log management tools with limited detection, normalization and real-time correlation capabilities.

Prelude SIEM, on the other hand, fully matches the definition of a SIEM given by Gartner in 2005. It is built on two core modules, ALERT (SEM, Security Event Management) and ARCHIVE (SIM, Security Information Management). This architecture optimizes detection capabilities on one side and investigation capabilities on the other.