Security Information and Event Management (SIEM) is the practice of centrally collecting logs of events and alarms generated by security controls and infrastructure throughout the business, then applying correlation and analytics to draw useful conclusions that we might not see from a single vantage point. Volta can offer SIEM with ELK/Elastic Stack, a powerful open-source solution leveraged by companies like Cisco and Verizon for their own SIEM needs.
Examples of ELK dashboards include:
- Failed logins
- Scanning activity
- VPN logins and alerts
- Traffic geolocation map
- Server and application log-driven alerts
- NetFlow traffic summary dashboard
- IPS Signature matches
- Malware detections
- Email and Web policy alerts