One of the two or three cybersecurity applications that come pre-installed on the appliance is a full-function SIEM, and we use that SIEM to do a few things:
- Take in the alerts from the monitoring and analysis program,
- Consolidate those alerts, to remove the usual ‘alert fatigue’ you get with other cyber-defense programs,
- Automatically notify the designated people when necessary,
- Provide the console application that they log into,
- Provide the remediation framework that programmatically or automatically defeats the discovered cyber-attacks, and
- Produce a variety of status reports.
The basic RESPOND system comes with SIEM capacity to collect information from up to 50 devices and to process 500 events per second. Initially it is used only to collect and process alerts from the firewall, which leaves substantial spare capacity for later collecting information from other critical devices and processes. If you later decide to stand up a full SIEM, expanding the SIEM stub that comes with a RESPOND system into a world-class SIEM is merely a matter of adding inexpensive device licenses.
RESPOND—a new way to provide cyber protection
- Introduction
- Back-End Improvement
- Revolutionary Capability
- Some Real-World Benefits
- Project Particulars
- RESPOND Costs
- Adding in a Network Access Control System (NAC)
- Expanding a RESPOND System
- RESPOND Includes a SIEM