Introduction

The use of the Internet has become widespread in all organizations. In 2018, the number of Internet users was estimated at more than 4 billion, the number of websites at 1 billion and the resulting total value of B2C (BtoC) transactions at 2300 billion dollars. This growing mass of money does not go unnoticed by cybercrime actors, who are constantly organizing and perfecting their skills.

Faced with this professionalization of both techniques and methods, it has become essential to strengthen the protection of information systems and to be able to monitor them and protect them from ever more sophisticated cyber-threats.

In addition to the sophisticated tools used to attack companies and administrations, the attack surface has expanded considerably because of the growing volume of data crossing our IT infrastructures. Monitoring all of this data is a real challenge for cybersecurity. At the same time, the effectiveness of the many safeguards, such as firewalls, anti-virus, anti-spam and other detection probes, remains limited unless it is accompanied by a global security steering tool.

Prelude SIEM operating diagram

Prelude SIEM completes the security of information systems by offering you a platform for centralized management of the security of your company.

Prelude SIEM : From BigData to SmartData

Prelude is a SIEM (Security Information and Event Management) whose primary function is to analyze in real time large volumes of raw data (RAW BIG DATA) from all the equipment and applications of the company in order to extract the essential (SMART DATA). To refine this analysis, Prelude SIEM can rely on other available information such as inventory, patch management and vulnerability data, or external information on cyber threats such as CTI (Cyber Threat Intelligence).

Prelude SIEM's objective is not only to alert the operator but also to provide the operator with all the information (SMART DATA) needed to react to the danger as quickly as possible. To achieve this objective, Prelude SIEM is based on the IDMEF standard.

IDMEF : the international standard for intrusion detection

Prelude SIEM has a strong specificity in the SIEM community: it implements the IDMEF format (RFC 4765: Intrusion Detection Message Exchange Format). This format is defined by the IETF (Internet Engineering Task Force), the standardization body in charge of Internet protocols (HTTP, SMTP, LDAP, NTP, etc.). This standardized format makes it possible to present a security alert in a uniform way and to enrich it with the context the operator will need to make quick and effective decisions. It is the richest and most structured alert format on the market.


Because the IDMEF format is very popular in the open-source community around information-system security, Prelude SIEM is natively compatible with the community's main reference security tools, letting you benefit from their power at a reasonable cost.
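To make the structure of an RFC 4765 alert concrete, here is an added example (written for this page, not code from Prelude SIEM) that parses a constructed IDMEF message with Python's standard library and extracts the fields an operator looks at first: reporting analyzer, source, target, classification and severity. The sample alert, its identifiers and addresses are all made up; the element names, attributes and namespace follow RFC 4765.

```python
import xml.etree.ElementTree as ET

# Namespace fixed by RFC 4765 for every IDMEF document.
NS = {"idmef": "http://iana.org/idmef"}

# Constructed sample alert (all values made up), laid out as
# IDMEF-Message/Alert per RFC 4765 section 4.
SAMPLE_ALERT = """<idmef:IDMEF-Message version="1.0" xmlns:idmef="http://iana.org/idmef">
  <idmef:Alert messageid="abc123456789">
    <idmef:Analyzer analyzerid="hq-dmz-analyzer01" name="example-ids">
      <idmef:Node category="dns"><idmef:name>ids.example.org</idmef:name></idmef:Node>
    </idmef:Analyzer>
    <idmef:CreateTime ntpstamp="0xbc723b45.0xef449129">2000-03-09T10:01:25.93464-05:00</idmef:CreateTime>
    <idmef:Source spoofed="no">
      <idmef:Node><idmef:Address category="ipv4-addr"><idmef:address>192.0.2.200</idmef:address></idmef:Address></idmef:Node>
    </idmef:Source>
    <idmef:Target>
      <idmef:Node><idmef:Address category="ipv4-addr"><idmef:address>192.0.2.50</idmef:address></idmef:Address></idmef:Node>
      <idmef:Service><idmef:port>22</idmef:port></idmef:Service>
    </idmef:Target>
    <idmef:Classification text="SSH brute-force attempt"/>
    <idmef:Assessment><idmef:Impact severity="high" completion="failed" type="admin"/></idmef:Assessment>
  </idmef:Alert>
</idmef:IDMEF-Message>"""


def parse_idmef_alert(xml_text: str) -> dict:
    """Return the operator-facing fields of the first Alert in an IDMEF message."""
    root = ET.fromstring(xml_text)
    alert = root.find("idmef:Alert", NS)
    if alert is None:  # e.g. a Heartbeat message carries no Alert
        raise ValueError("no Alert element in IDMEF message")

    def text(path):  # text of an optional child, None if absent
        el = alert.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    def attr(path, name):  # attribute of an optional child, None if absent
        el = alert.find(path, NS)
        return el.get(name) if el is not None else None

    return {
        "messageid": alert.get("messageid"),
        "analyzer": attr("idmef:Analyzer", "analyzerid"),
        "created": text("idmef:CreateTime"),
        "source": text("idmef:Source/idmef:Node/idmef:Address/idmef:address"),
        "target": text("idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        "target_port": text("idmef:Target/idmef:Service/idmef:port"),
        "classification": attr("idmef:Classification", "text"),
        "severity": attr("idmef:Assessment/idmef:Impact", "severity"),
    }
```

Calling `parse_idmef_alert(SAMPLE_ALERT)` yields a flat dictionary that a correlation or ticketing step can consume directly, while a message without an Alert element (such as an analyzer heartbeat) is rejected explicitly.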

Prelude SIEM : A credible European alternative

The SIEM market is currently dominated by the major American vendors. Some alternatives exist, but they are often limited in functionality: many of them are log management tools with limited detection, normalization and real-time correlation capabilities.


Prelude SIEM, on the other hand, fully matches the definition of a SIEM given by Gartner in 2005. Prelude SIEM is built on two basic modules, ALERT (SEM) and ARCHIVE (SIM). This architecture makes it possible to optimize detection capabilities on the one hand and investigation capabilities on the other.
