You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

User talk:Giusel

From Wikitech-static
Jump to navigation Jump to search

UTMStack Next-Gen SIEM

UTMStack is a Unified Threat Management[1] Platform and also a Next-Gen SIEM[2] that delivers all essential security services. It is designed for hybrid environments and can be easily deployed across on-premises and cloud providers[3].

UTMStack Features

The Next-Gen SIEM is formed by 9 modules: Log Management (SIEM), Dark Web Monitoring[4], Vulnerability Management, Identity Management, Incident Response, Network/Host IDS/IPS, Endpoint Protection, Compliance Management, and File Classification. The platform also includes a powerful dashboard and report builder that can be used to personalize your monitoring experience or for advanced compliance auditing and reporting.

Table 1: Principal Features
Asset Discovery Vulnerability Scanner[5] Log Management (SIEM) Network and Host Intrusion Detection (NIDS/HIDS)[6] Compliance Management
Network devices discovery and inventory. Software assets inventory. Asset basic information collection. Application vulnerability assessments. Network devices Vulnerability Assessment. Azure and AWS Vulnerability scans. Log collection and correlation. Log management. Dashboard and Report Builder. Log and event explorer for forensic analysis. Rule-based Network Intrusion Detection. Rule-based and heuristic analysis-based Host Intrusion detection System with ATP capabilities. Network traffic, protocol, and DNS analysis. HIPAA[7], GLBA[8], SOC, and GPDR Compliance reports. Compliance status dashboards. Custom compliance reports builder
Table 2: Principal Features
Access Rights Auditor Incident Response File Classification Dark Web Monitoring Threat Intelligence[9]
Active Directory Explorer. User Activity and permissions tracking. Suspicious activity monitoring. Host lockdown, IP block, and remote control console. Webroot, OSSEC and Wazuh Integration. File Changes and access Tracking. Activity monitoring. File Integrity Monitoring. Monitor for compromised or stolen employee and customer data. Domain and Individual email addresses monitoring. Spam, malware, botnets, service abuse IP related. Denial of Service and Brute force attack and scanner IPs.

Threat Detection Technology

UTMStack threat detection engine comprises several rule-based correlation[10] systems, scanners, and AI-powered machine learning algorithms[11]. Modules operate independently, and sometimes their functionalities overlap and interact to generate a holistic analysis of events.

Heuristic and Rule-based analysis engine

UTMStack leverages powerful correlation engines for a total of 154 000 detection rules. They aggregate, correlate, and analyze log data, network traffic, and system internal activity generated by on-premises and cloud devices or SaaS.

Machine Learning Anomaly-based engine

Analyzes the environment and defines custom rules and baselines. This learning mechanism allows the system to learn from the environment and gain the ability to identify abnormal and threatening behavior.

Threat Intelligence Database correlation

Analyses all available security IP feeds, mainly related to online attacks[12], online service abuse, malware, botnets, command and control servers, and other cybercrime activities.

Advanced-Data Visualization and Reporting

UTMStack dashboards[13] and reports can be created, modified, and deleted without writing a single line of code. The entire solution has been built on a proprietary data visualization and analysis engine that provides the flexibility to build the entire stack from the ground by any advanced user.

The UTMStack data visualization system facilitates managing the following use cases:

Investigate Suspicious Activities

  • Aggregate and summarize sets of data.
  • Filter, track, and export log data.
  • Perform a forensic analysis.

Monitor and analyze security data

  • Build customized dashboards or use existing ones.
  • Explore systems data in near real-time and respond to incidents.

Audit and compliance support

  • Generate custom reports for audits or compliance checks and assessments.
  • Create compliance dashboards for continuous monitoring.
  • Leverage existing reports for HIPAA, GLBA, GPDR, and SOC compliance.

Reduce downtime

  • Create up-time reports
  • Review proactive alerts for misconfigurations or misconfigured systems.
  • Monitor and analyze devices performance and resources utilization.

Integrations

UTMStack monitors the following systems and platforms. Integrations can be configured from inside the system panel and do not require custom coding or complicated configurations[14].

  1. Azure and AWS.
  2. Hypervisors (KVM, HyperV, VMWare, etc.).
  3. Physical Infrastructure datacenter.
  4. Software like SharePoint and SQL Server.
  5. Windows and Linux servers and endpoints.
  6. PaaS and SaaS applications like Office365.
  7. Proprietary devices like CISCO and Sophos.
  8. Container orchestration (Kubernetes, Docker).

External links