Respond Includes a SIEM

2024-10-11T15:27:34-05:00

One of the two or three cyber security applications that come pre-installed on the appliance happens to be a full-function SIEM, and we use that SIEM to do a few things:

  • Take in the alerts from the monitoring and analysis program,
  • Consolidate those alerts, to remove the usual ‘alert fatigue’ you get with other cyber defense programs,
  • Automatically notify the designated people, when necessary,
  • Provide the console application that they log into,
  • Provide the remediation framework that programmatically or automatically defeats the discovered cyber-attacks, and
  • Produce a variety of status reports.

The basic RESPOND system comes with the SIEM capacity to collect information from up to 50 devices and to process 500 events/second. It’s used just to collect and process alerts from the firewall, which leaves a lot of extra capacity for later collecting information on other critical devices and processes. If you later decide to stand up a full SIEM, expanding the SIEM stub that comes with a RESPOND system into a world-class SIEM is merely a matter of adding inexpensive device licenses.
