Introduction

Internet use has become widespread in all organizations. In 2019, the number of Internet users was estimated at more than 4 billion, the number of websites at 1 billion, and the associated total turnover of BtoC transactions at 2300 billion dollars. This growing mass of money does not leave cybercrime actors indifferent, and they continue to organize and improve.

Faced with this professionalisation, both in the techniques and in the methods of attack, it has become essential to strengthen the protection of information and to be able to monitor and protect it from cyber-threats coming from increasingly sophisticated systems.

In parallel with the emergence of ever more sophisticated tools for attacking businesses and governments, their attack surface has expanded considerably, due to the increased amount of data across our IT infrastructure. The ability to monitor all of that data is a real challenge for cybersecurity. At the same time, the effectiveness of many protections such as firewalls, anti-virus, anti-spam and other detection probes is limited if they are not accompanied by an overall management tool.

Prelude SIEM complements the security of information systems by offering a platform for centralized management of the cyber security of your business.

Prelude SIEM: From Big Data to SmartData

 

Prelude is a SIEM (Security Information and Event Management) whose primary function is to analyze in real time large volumes of raw data (RAW BIG DATA) from all enterprise equipment and applications in order to extract the essential (SMART DATA). To refine this analysis, Prelude SIEM can rely on other available information such as inventory, patch management and vulnerability information, or external cyber threat information such as CTI (Cyber Threat Intelligence).

The objective of Prelude SIEM is to alert the operator but also to provide all the necessary information (intelligent and contextualized data) to react quickly to the danger. To meet this objective, Prelude SIEM relies on the IDMEF standard (RFC 4765).

IDMEF: the international standard for intrusion detection

Prelude SIEM has a strong specificity in the SIEM community: it implements the IDMEF format (RFC 4765). This format is defined at the IETF (Internet Engineering Task Force), the standards organization responsible for Internet protocols (HTTP, SMTP, LDAP, NTP, etc.).

This standardized format makes it possible to homogenize the way a security alert is presented, and also to enrich it with the context the operator needs to make decisions quickly and efficiently. It is the most complete and structured alert format on the market. Because the IDMEF format is very common in the open-source information systems community, Prelude SIEM is natively compatible with the community's major reference security tools, helping you take advantage of their power at a reasonable cost.

Prelude SIEM: Renowned French alternative

The SIEM market is dominated today by the major US publishers.

Among the few available alternatives, Prelude SIEM is distinguished by its SIEM architecture as defined by Gartner in 2005: the combination of a trace management and indexing module (SIM) and a real-time detection and correlation module (SEM). This architecture optimizes both the detection capabilities and the investigative capabilities.

Introduction

Most companies and organizations have become totally dependent on their information systems, which support production, customer relations, R&D, accounting, invoicing, etc.

In some companies, every minute of information system failure can lead to considerable financial losses. It has become essential to monitor the health of your information system in real time. Ideally, it is necessary to be able to anticipate breakdowns even before they occur and, in the worst case, to remedy them as quickly as possible.

Vigilo NMS is an NMS (Network Management System). It is a tool that allows you to monitor the availability and performance of your entire information system. Vigilo NMS monitors networks, systems and applications. Its modularity and design allow it to address medium to very large systems. Vigilo NMS offers all the services necessary for performance monitoring: real-time status monitoring with correlation and aggregation, metrology management, customizable mapping, trend analysis, investigation and reporting.

The alternative to the ITOM's "Big Four"

Nowadays, two main types of solutions are available on the NMS market for medium to very large sites. The first are proprietary solutions, the best known of which are marketed by the “Big Four” (IBM, CA Technologies, BMC Software and HP). These solutions can sometimes be a little cumbersome and require significant investments while not always offering the agility and customization that can be expected from an NMS.

Faced with these imposing solutions, there are many open source alternatives. These solutions, which are generally of very good quality, are much more agile and customizable. However, they often fall short in several respects. The main flaws are their difficulty in scaling and in managing highly distributed environments. Moreover, as they are often designed by developers far removed from the concerns of operators, they lack “operational” features, and it is often necessary to combine several of them to achieve the expected result, with all the maintenance difficulties over time that this represents.

Vigilo NMS is positioned between these two types of applications. Based on open source reference modules, Vigilo NMS offers powerful and proven features. Based on those various basic components, the Vigilo NMS team has developed a complete performance monitoring solution whose objective is to compete with the solutions of major publishers. Vigilo NMS offers the power of open source and the completeness of the best NMS. Finally, in a market dominated by very monolithic and poorly customizable solutions, Vigilo NMS stands out for its ability to adapt and integrate into diverse environments. It is the ideal solution for CIOs looking for a complete and powerful tool that will adapt to their needs.*

*Vigilo NMS is deployed on SME fleets with a few dozen machines as well as in NOCs managing several thousand pieces of equipment (one reference at 25,000 pieces of equipment).

Introduction

In a difficult economic context for IT departments that have to face ever higher risks with often constrained budgets, the Unity 360 solution makes it possible to rationalize monitoring costs while improving detection resources.

Based on Prelude SIEM and Vigilo NMS, our security and availability monitoring software, the Unity 360 solution allows you to unify your security management with that of availability. In the same application you can combine the triptych “Confidentiality-Integrity-Availability”.

With Unity 360 you optimize your acquisition, training and operating costs while improving the overall efficiency of your monitoring. Unity 360 makes it possible to follow the entire security chain from the detection of an incident, whether accidental or intentional, to the investigation and then its resolution to the resumption of activity.

Unity 360 takes a major step forward in the process of rationalizing information systems operating costs. The current dichotomy between NOC and SOC activities is indeed an additional cost factor coupled with lower efficiency.

While respecting the prerogatives of each individual, and in particular the CISO decision-making chain, Unity 360 makes it possible to federate the activities of the various operators and unify the teams around a common tool.
