Comarch Secure Monitoring
We are a fact-gathering organization only. We don't clear anybody.
We don't condemn anybody.
J. Edgar Hoover
Problem
Effective security provides fast threat identification and reduces the number of incidents by providing full and usable information on them. This enables rapid reaction to incidents and provides evidence to redress damages.
Challenge
Collected information should be complete, precise and pertinent. It must be accessible only to authorized persons and archived in a safe place for later inquiry. Acquiring information must be transparent to the existing infrastructure (even for encrypted connections) and must not affect its performance.
Solution
Comarch Secure Monitoring is a set of two complementary tools:
Comarch CentralLog is a comprehensive solution for managing security data generated by the company’s IT infrastructure. Its functionalities include:
- a Security Information and Event Management (SIEM) class application
- tools for the centralization, analysis and storage of the security audit information produced by various systems and applications. This includes those exclusively devoted to security and those that are independent, such as databases
- convenient, thorough and productive management of security-related events by the administrators (incident support)
- data collection from systems without agents
- data collection by agents, prepared for the most popular operating systems, if there is no other possibility
- separation of system administration and collected data analysis
- presentation and configuration of reports via a Web browser
- a developed reporting mechanism, which supports cyclical reports and workflow procedures for creating and delivering reports
- online processing enabling information classification, correlation and notification about incidents
Comarch SecureAdmin is a user activity monitoring system which operates transparently at the level of the network layer (passive and active analysis). Its functionalities include:
- a Security Information and Event Management (SIEM) class application
- deployment that requires no modification or reconfiguration of existing applications or systems; the presence of Comarch SecureAdmin is not visible to users
- the capacity to monitor encrypted connections; network traffic is analyzed in two ways:
  - unencrypted protocols (passively): Telnet, POP3, IMAP, FTP, SMTP, SMB, NFS, Oracle, MySQL, PostgreSQL, MSSQL
  - encrypted protocols (actively): SSH (versions 1 and 2), SSL (FTP, POP3, IMAP, LDAP, SMTP, HTTP), X11
- presentation and configuration of reports via a Web browser