RandomStorm has released its new integrated log analysis; host-based intrusion detection system (HIDS) and file integrity platform, StormAgent.
StormAgent automates protective monitoring of network hosts, reducing the time needed to sift through millions of log files to identify potential threats, from hours to minutes.
This latest release of StormAgent represents a step-change in log analysis capability. At the core of the system, RandomStorm’s Instance, Event, Alert (IEA) algorithm identifies, classifies and stores alerts into IP and time-based Events that are associated with Instances of matched rules1. Capable of processing up to twenty eight million logs per day, StormAgent categorises and stores recurring security alerts into manageable and meaningful groups associated with specific hosts across the network, over a ninety day time window.
StormAgent’s graphical and menu-driven management dashboard enables users to quickly drill down into each Instance, based on five thousand pre-defined rules, to view the correlated alerts and access vital information such as the source IP address and the timeline of the event, to help users to assess the severity of security risks.
Together with its alert management functionality, StormAgent provides an enterprise-class HIDS and file integrity management tool that can be configured to monitor critical hosts, identify imminent threats and pinpoint any changes to confidential files in real-time, an essential compliance requirement under the Payment Card Industry Data Security Standard (PCI DSS) and other guidelines.2
To encourage rapid remediation of the most critical network security issues, StormAgent includes task management and escalation capability: creating tickets and allocating tasks to specific users to ensure that the warning signs of an imminent threat are first of all identified and then dealt with, before a breach occurs.
Built for SME and enterprise networks, StormAgent is highly scalable and can support diverse, multi-platform networks including Linux™, Apple Macintosh® Microsoft Windows® and IBM iSeries (AS/400) environments. Incorporating a sophisticated asset management tool, StormAgent can be configured to monitor and report on individual or grouped hosts to aid close monitoring of business-critical applications and resources.
Commenting on the new log analysis platform Andrew Mason, co-founder and Technical Director of RandomStorm said, “The security status of networks and data storage devices needs to be continuously monitored to protect intellectual property and sensitive customer data. Anomalous activity, such as repeated failed logins, attacks on unused ports, or abnormally high levels of network traffic and bandwidth consumption, can raise the alarm that an attack is in progress. However, with billions of alerts being logged each year, important indicators can get overlooked. StormAgent provides system managers with a powerful tool that filters out the most vital information and most importantly, makes it understandable, so that staff can act swiftly to thwart an attack.”