Affordable SIEM with Alerting, Analysis, Reporting

Is your network really safe? The IT security landscape is always challenging and always changing. Attackers are constantly creating new threats. You may have hundreds or thousands of devices and applications in your network, and that means hundreds or thousands of points of vulnerability. Our security information and event management (SIEM) tools can provide 24/7 surveillance for your entire IT infrastructure.


What is Otus SIEM?

Otus SIEM continuously monitors your network, analyzing data to distinguish between false alarms and genuine threats. We provide real-time reporting on suspicious events that makes it possible to react immediately to hacking attempts. Advanced persistent threats (APTs) are more easily detected by SIEM technology than by conventional defenses such as firewalls, HIDS, etc.

Our system supplies sophisticated tracking and analysis, storing all your server, application, and network information in a central location. Customized reporting offers a fast and organized way to access, analyze, and act on your network data. Machine data can provide a wealth of valuable information, improving collaboration by collating data from disparate systems in an organization.

Otus SIEM assists you in your compliance efforts. Almost every organization today is bound by regulations, such Sarbanes-Oxley or HIPAA. These regulations typically require logs as an audit trail of activity. We provide sophisticated logging and reporting capabilities that meet audit requirements.

Otus SIEM manages complexity. Your company data may be scattered among many different departments. Our SIEM can pull disparate data together, enabling data sharing and collaboration throughout even the largest organization.


Why use Otus SIEM?

Our years of experience and our dedicated team allowed us to develop a state-of-the-art SIEM product that’s the equal of any comparable product on the market. We are committed to producing a SIEM application that keeps your network safe while providing you with all the tools you need to analyze network events. Our reports are easily configurable, and we provide data indexing to make your data searchable. All of our modules are scalable – whether your business is small or large, we can provide the protection, security, and information you need.

Our team has dedicated almost half a decade to ensuring the SIEM solution we supply you is second to none.


Indexed Data

Otus SIEM offers fast and simple access to relevant data. Raw data is reformatted into easily searchable indexed tables. For data transformation, Otus provides numerous integrated indexers from various software and hardware vendors, always staying up-to-date with the latest offerings. Custom indexes can also be configured.


Data Transformation

Data transformation converts raw log data into data that can be read into SQL tables using either the provided indexers or custom made indexers. An indexer is a set of regular expressions that acts on data to prepare the data for insertion into a SQL table. Raw log data is data accepted from a remote source, usually text data.

For example:

2012-13-01 11:22:22  SERVER1.COM   user djurica with ip address 1.2.3.3 failed login
2012-13-01 11:33:22  SERVER1.COM   user djurica successfully logged in from 1.2.3.3

Becomes:

Date Server User ipaddress state
2012-13-01 11:22:22 SERVER1.COM djurica 1.2.3.3 failure
2012-13-01 11:33:22 SERVER1.COM djurica 1.2.3.3 success

This enables rapid data search, permitting alerts to be established. A typical alert might be something like, “Alert me if there are 100 unsuccessful logins on server 1, regardless of user,” which might detect someone trying to hack into the server.


Data Collection

Otus SIEM offers data collection through two different fetch types, push and pull. Push uses the server’s integrated syslog/snmp/sflow tool to send data to Otus. Push auto-detects data sources, which can be configured with the click of a button. Pull uses the ssh/ftp/http client to periodically fetch data from your network to Otus storage. Pull collection offers a way to gather data from unsupported systems such as security card readers.


Security Alerts

By definition, a zero-day attack is something that’s never been seen before, so you can’t configure your network to directly alert you to a zero-day attack. What it can do is pick up the patterns of activity that accompany such an attack. Otus SIEM searches through collected data in real time, ensuring immediate attack or malicious behavior detection. If such activity is identified, the system administrator is notified and an appropriate event alert is issued. Correlated rules allow the system administrator to join multiple rules into one alert event and drill down to the root cause of the problem, enabling more meaningful reporting of the event. Otus SIEM comes with many predefined rules to make your systems more secure and threat-aware.

When an alert such as an exploit attack is generated, we can gather these rules and group them by server. This allows us to determine which servers are most exposed and in need of more attention or higher security awareness.


Graphic and tabular reports

Otus data can be used to generate tabular and graphic reports. Reports can be generated for a specific time period; for instance, weekly reports or reports for the last six months. Otus provides multiple predefined reports that satisfy general reporting needs, but also provides a wizard that allows you to generate detailed reports based on any kind of criteria. The graphic report allows the visual presentation of measurable parameters, such as the number of security threats per server. The tabular reports provide more information regarding measurable data, such as a detailed overview of invalid logins per network element. Generated reports are also available in XLS, PDF, and other common formats.


Role-Based Access

Since the roles in an organization are relatively stable, with minimal user turnover and task reassignment, role-based access (RBAC) provides a powerful mechanism for reducing the complexity, cost, and potential for error involved in assigning user permissions within the organization. By using RBAC, a user is limited to a data subset or Otus module subset. Limiting by data subset allows the system administrator to create flexible roles that allow users to see only parts of stored data. For instance, roles can be configured so that mail administrators see only mail server data, web administrators see only web server data, etc.


Distributed Architecture

Using distributed architecture makes every Otus component extendable. The Otus system is based on distributed architecture that consists of one or more worker nodes. If you need higher events per second (EPS) or more extensive data indexing, Otus allows you to automatically increase performance by adding more worker nodes. These nodes assume the roles of Otus modules and reconfigure the system architecture so that every component works fast and reliably. The use of distributed architecture means the system can be easily scaled for organizations ranging from the smallest to the largest.


Modules

Data retention

The base module that provides data search. Data can be searched using a plain string, regular expression, data type, or server or group of servers. There’s an indexed data search that accesses data with an SQL-like feature. The combined data search allows you to specify more detailed queries. Similar log lines can be aggregated into a single entry, giving an overview of the results.

User

A module that takes care of user and role management. Users are authorized by their assigned roles, which can limit usage in a variety of ways, such as restricting viewing of data to only a certain group of servers, only a certain date range, only to a certain access time, etc. For authentication purposes, users can be authorized from an internal database or by connecting to the active directory.

Configuration

A base module that provides simple configuration for all licensed modules. The auto-detect feature makes configuration as simple as pointing a data source to an Otus SIEM node. The system automatically detects the time format used by a particular data source when it first enters the system.

Indexer

This module analyzes the raw data as it enters the system, extracts its important components, and stores it in table form. This allows for a more complex and meaningful data search. By mapping critical data to SQL tables, the Otus user gains the ability to search through log files using SQL-like or combined search features. Otus supports many predefined data indexers from various software and hardware vendors. Also, the user has the ability to create custom indexers by using a simple data format.

Storage module

A module for managing multiple storage node rules. By creating multiple storage node rules, a system administrator can define what data is saved on which storage node. Storage node rules define how long this data is retained. Multiple storage nodes can be defined: keeping only the last n days of data, keeping data over a fixed date range, cleaning out the oldest data when maximum storage is reached, etc.

Correlation

The module that detects threats and malicious behaviour in your network. By comparing events in your network to a predefined database of known attacks, Otus generates alerts as these events are occurring in real time. System administrators are notified through mail, syslog, or snmp channels.


Price List

Servers Price
30 $ 1 495,00
50 $ 2 995,00
100 $ 6 495,00
250 $ 13 995,00
500 $ 19 495,00
650 $ 22 995,00
800 $ 25 995,00
1000 $ 30 995,00
1500 $ 35 995,00
2500 $ 40 999,00