Security Information and Event Management (SIEM)

Our extensive experience in Security Information and Event Management extends to every aspect of operations, risk management and senior-level decision-making processes.

Broad Eye Solutions can extend your current SIEM functionality by implementing the specific interfaces your organization needs, such as ODBC, CSV, and Alert Action Drivers.

Broad Eye Solutions also offers device support to companies and individuals who have already purchased a SIEM product from other vendors. Please contact us at softwaredev@broadeyesolutions.com if you are interested in device support, or learn more in our Services section.

Services

Security Information and Event Management Support

Devices

Are you unable to find a device in your environment on your current SIEM’s Supported Devices list? 

Developing and defining a device in a SIEM solution requires a defined methodology and process that yields a generic or uniform event schema for every device implemented within the solution.

This schema must be rich enough to normalize data without incurring any information loss.  It must also be easily extensible in cases where users need to extend the schema to fit their explicit needs.  

This then provides the user with a common event schema base on which to evaluate and create rule-based correlation with states, conditions, timeouts and actions.

Broad Eye Solutions has developed a proven methodology and process in both creating and enhancing devices for SIEM solutions.  

This process allows the Broad Eye Solutions team to create and enhance devices in a timely manner, meeting customer expectations for quality and availability, as well as providing a concise, documented, and uniform event schema.

Rule-Based Correlation

Rule-based correlation engines apply scenarios that a known condition must follow, so that they detect exactly the condition specified.

Such scenarios might be encoded as a sequence of events (first this, then that…), so some action(s) must trigger the detection process.

Rule-based correlation deals with states, conditions, timeouts and actions. A state is a well-defined logical or operational mode that the correlation rule might be in. A state may contain various conditions, such as matching incoming events by the source IP address, protocol, port, event type, producing security device type, username and other data components of the event. 

Although data components vary from device to device, a SIEM solution typically normalizes many data component formats using a generic or uniform event schema. 

This schema must be rich enough to normalize data without incurring any information loss. As new devices are added and current devices’ events are enhanced, users need to constantly monitor the updating of existing correlation rules to continually maximize their return.

The Broad Eye Solutions team can provide this service as a single project or on an ongoing basis depending on customer requirements. 
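
A minimal sketch of the states, conditions, timeouts and actions described above, added here as an example; it is not Broad Eye Solutions' code or any SIEM vendor's rule language. The normalized field names (`ts`, `src_ip`, `event_type`, `username`, `device`), the rule itself and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Normalized events (constructed sample data; the field names are hypothetical
# stand-ins for a SIEM's uniform event schema).
EVENTS = [
    {"ts": 0,   "src_ip": "10.0.0.5", "event_type": "auth_failure", "username": "alice", "device": "sshd"},
    {"ts": 10,  "src_ip": "10.0.0.5", "event_type": "auth_failure", "username": "alice", "device": "sshd"},
    {"ts": 20,  "src_ip": "10.0.0.9", "event_type": "auth_failure", "username": "bob",   "device": "vpn"},
    {"ts": 25,  "src_ip": "10.0.0.5", "event_type": "auth_failure", "username": "alice", "device": "sshd"},
    {"ts": 40,  "src_ip": "10.0.0.5", "event_type": "auth_success", "username": "alice", "device": "sshd"},
    {"ts": 500, "src_ip": "10.0.0.9", "event_type": "auth_failure", "username": "bob",   "device": "vpn"},
    {"ts": 510, "src_ip": "10.0.0.9", "event_type": "auth_success", "username": "bob",   "device": "vpn"},
]

@dataclass
class RuleState:
    state: str = "IDLE"      # IDLE -> COUNTING -> ARMED
    failures: int = 0
    started: int = 0         # timestamp of the first failure in the window

@dataclass
class FailThenSuccessRule:
    threshold: int = 3       # failures needed to arm the rule
    timeout: int = 60        # seconds before a partial match expires
    per_ip: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def feed(self, ev):
        # Condition: events are matched to a rule instance by source IP.
        st = self.per_ip.setdefault(ev["src_ip"], RuleState())
        # Timeout: discard a partial match that has outlived its window.
        if st.state != "IDLE" and ev["ts"] - st.started > self.timeout:
            st.state, st.failures = "IDLE", 0
        if ev["event_type"] == "auth_failure":
            if st.state == "IDLE":
                st.state, st.started = "COUNTING", ev["ts"]
            st.failures += 1
            if st.failures >= self.threshold:
                st.state = "ARMED"
        elif ev["event_type"] == "auth_success":
            if st.state == "ARMED":
                # Action: record an alert for the analyst queue.
                self.alerts.append({"src_ip": ev["src_ip"], "username": ev["username"],
                                    "failures": st.failures, "ts": ev["ts"]})
            st.state, st.failures = "IDLE", 0

def run(events, **kw):
    rule = FailThenSuccessRule(**kw)
    for ev in sorted(events, key=lambda e: e["ts"]):
        rule.feed(ev)
    return rule.alerts
```

With the default settings only the 10.0.0.5 sequence raises an alert; the 10.0.0.9 failures are separated by more than the timeout, so that partial match expires before the successful login arrives.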

Non-Specific Data Mining

There are situations where the base SIEM solution does not provide the ability to see or request a specific event schema that can be used by other third party applications. 

In these situations, the user is required to develop an interface to the SIEM solution which extracts the data and feeds third party applications. 

This requires both knowledge of the inner workings of the SIEM solution and a methodology for the extraction of the required data.

The Broad Eye Solutions team’s knowledge and expertise in these areas allow us to quickly extend your current SIEM solution, providing you with the functionality you need.

Application Sustaining Support and Renewal

Application Sustaining Support and Renewal is not simply a technology challenge but a business imperative. With the accent on flexibility, the process of application sustaining support and renewal supports business growth, allowing companies to seek solutions such as re-platforming, migration, remediation, and reverse engineering.

Broad Eye Solutions Application Sustaining Support and Renewal is a technology-independent, dedicated business that transforms enterprises and harvests the value of their existing applications through the use of our specialized skills and global delivery capability. Application sustaining support and renewal helps increase a company’s stability and flexibility, decrease costs and even extend the business life of current IT assets on its journey to becoming a high-performance business.