We Ankor specializes in deploying SIEM (Security Information and Event Management) in enterprises.
An SIEM system makes it possible to manage data security events and data and provide information, alerts, real time analysis, history reports and trends in the enterprise. SIEM systems are based on data generated from IT and data security systems such as AV, FW, Servers etc., as well as business and operations systems.
We Ankor recommends setting up an SIEM system since the increase in organizational systems (data security, network, applications and business) in enterprises today, has led to the phenomenon of setting up and shelving them. Often from the moment they were deployed, no periodical tests are conducted to identify irregularities. As a result, breaches are only discovered long after the organization has already been attacked.
Examples of these incidents can be found in Verizon’s annual report that covers data security events from different industries around the world.
The report shows that from the time the first breach occurs at the locations retaining /carrying financial enterprise data - information / money is stolen in minutes in 88% of the cases. Even so, in 85% of such cases, it took several weeks to discover any outbreak.
The SEIM systems installed by We Ankor cope with the issue by conducting a general inspection, and in particular, a compensating inspection. The system enables real time alerts from different systems, based on pre-defined logical scenarios and anomalies.
Due to the ability to choose scenarios, information can be cross-referenced, from multiple and diverse systems in a bid to create a general enterprise snapshot in real time, and compare it to previous periods.
When We Ankor developed best practices for the deployment of a SIEM system, emphasis was placed on including risk management as part of the logic. This is why We Ankor can supply an all-encompassing monitoring solution that covers all the enterprise sections requiring special protection.
We Ankor’s implementation of the solution in enterprises provides the following results:
- Turning millions / billions of log lines into one event that needs to be taken care of
- The creation of matrixes for measuring the network and data security situations within the enterprise
- Report generation that focus on systems / users / enterprise components
- Identification of trends and anomalies in the organization
- Response to regulatory demands and standards
- Events management to the point of closing the event and monitoring events history
- The introduction of auto-responses for events, without requiring external inputs
We Ankor customers implement data security event management in; internal systems, in-house applications, data security systems and regular IT systems. Additionally they use it to identify and prevent fraud. Some even apply the SIEM system capabilities to monitor communication networks and billing systems.
We Ankor, since 2003, has been deploying ArcSight systems – the most established and renowned SEIM system in the world. We Ankor’s concentration on the ArcSight system enabled the company to develop an outstanding level of expertise and knowledge on the system’s capabilities. As a result We-Ankor became the partner of choice for deploying SIEM systems in organizations.
We Ankor’s data security department today comprises of the largest team in EMEA, and includes 20 fulltime experts specializing in setting up the ArcSight system. The recruitment process entails in-depth and intensive training over a six month period. During the process, the team gains the knowledge and skillset needed to implement the system.
The department’s activities are based on maintaining and sharing knowledge, so that any documented information on faults, parses, content and scripts, are available to our customers.
As part of We Ankor’s knowledge sharing strategy, our team provide ArcSight system training sessions for our local customers. They have also completed a number of large projects in enterprises overseas.
We Ankor’s wealth of experience following over 70 local ArcSight projects, made it possible to implement unique best practices that lead to accelerated setup times and superior results for the customers.