Log collection and analysis

Your company does not have sufficient resources to effectively analyse the immense volumes of log information generated on a daily basis?

Our SIEM system facilitates the correlation of data so that IT gaps and risks in the system may be proactively identified. This complex service is also available through locally installed log collectors. The analyses highlight accesses, hacking attempts and activities that violate corporate policy.

From daily log entries, security incidents will be efficiently identified and custom reports will be generated for a transparent IT security environment.

Our service is cost effective, as our timed reports, real-time notifications and a flexible interface allow you to respond immediately to any changes. Last but not least our solution also promotes legal compliance.

Security incidents may be detected from log entries using a default set of rules and individually configured policies. A dashboard for individual monitoring may also be created. In the event of a security incident, we also provide individual alerts and availability at selectable frequencies (immediate/weekly/monthly/quarterly) in accordance with the relevant regulatory requirements (General Data Protection Regulation, GDPR) or other market standards, in addition to the reporting function.

The main features of SOC are therefore continuous monitoring and the ability to intervene immediately. Our colleagues stay up to date regarding new IT security threats worldwide by obtaining information from international security services (CERTs), vendors and other sources of security news, as well as the official NIST/CVE database. This information is aggregated and then analysed for relevance for each client so that potential threats to client data may always be accurately identified. If the security level of a potentially compromised system is threatened, SOC experts will carry out a prompt impact and risk assessment to prepare the response, identifying the necessary steps and informing those responsible in the order of escalation and communication hierarchy. Invitech provides this service using its own SIEM platform installed in its own data centre.

Centrally installed, operated and managed by Invitech, our central log analysis service processes and categorises incoming log events and network traffic data while also making them searchable, and it provides for secure storage. Our SIEM (Security Information and Event Management) system also facilitates the correlation of data. As a result our Security Operation Centre (SOC) staff is not only able to proactively identify IT gaps and risks in the system but also perform preventive actions immediately. To ensure the integrity of the logs, a unique, encrypted fingerprint of log lines is preserved so that any subsequent intervention, modification or deletion may be detected and managed immediately. The confidentiality of logs is guaranteed by using client-specific settings separated at database level.