Partners

Assuria Log Manager (ALM)

ALM is a CESG CCTM Accredited Forensic Log Management and SIM/SIEM solution.

Used by government agencies, major commercial organisations, local government departments and IT service providers to deliver IT security intelligence and complete visibility into system activity.

Log Management
Analysis & Alerting
Security & Compliance Reporting
Protective Monitoring
Forensic Readiness

Log Manager Overview

Assuria Log Manager (ALM) delivers an enterprise wide view of IT system activity, from almost any system, application or device within the IT infrastructure. This IT security intelligence is delivered with strong forensic readiness as a key objective.

ALM provides automated collection and management of audit logs from across the whole enterprise, as well as security event analysis, alerting and reporting. ALM is fully scalable to meet the needs of organisations from SME’s right through to major global enterprises. ALM is designed to automate the management of logs from almost any IP based system or device, including MS Windows, Unix and Linux servers, workstations, databases, applications, network devices, firewalls, routers, physical access control systems and much more.

Role based access control (RBAC) provides privilege control. Multiple users can log into the ALM Console to manage agents, agent policies, collection policies, syslog forwarding (where ALM agents are not in use) and security policies, as well as to create archives, generate reports and many other processes.

ALM agents are available for most Windows, Unix and Linux systems to provide the highest levels of forensic integrity and log management automation. Through its own built-in Syslog server and TCL scripted plug-ins, ALM is capable of collecting logs from just about any source. Out of the box, ALM supports most commonly used log sources and formats with a library of standard reports, such as for PCI-DSS compliance. A powerful analysis and anomaly detection engine, log data interactive log data viewing features and a highly flexible report generator allows easy generation of highly customised views of security event and log data.

Key Features

Enterprise Wide Log Collection. Secure and forensically sound collection of logs from almost any source into a central store.

Log Management. Enterprise wide automated management of logs, including log rotation.

Forensic Readiness. Logs are collected in a secure and forensically sound manner, retaining their original form and complete with relevant meta data, thus allowing repeated examination with new analysis rules and use of the logs by other applications and processes.

Real-time Event Alerting. Configurable to specific log events, sent via Email and/or SNMP traps.
Agent Based Collection ensures the security, continuity and integrity of all collected logs.

Agent Based Log Management. Ensures the security, continuity and integrity of all collected logs and allows alerting at the log source.

Digitally Signed. An RSA/SHA256 digital signature is calculated and the log digitally signed before transfer. Transfer is authenticated and encrypted using TLS.

Secure Storage. Log cataloguing, chain of custody records, archive creation and management. Archive to secure long term storage, complete with a digitally-signed manifest.

Scalable and Modular Architecture. Designed to support almost any sized IT environment up to thousands of log sources. Supports multiple collection points, with load balancing and resilience built-in.

Analysis. Collected logs are processed by a rules-driven analysis and anomaly detection engine. Flexible and extensible analysis rules allow ‘interesting’ events to be tagged and written to a database for further analysis and reporting.

Unstructured Querying. ALM provides facilities to analyse and report on stored original log data, allowing unstructured ‘Google’ type searches on any item, providing effective interactive analysis and learning features. This will often leading to new automated analysis rules and reporting.

Reporting. Flexible analysis, correlation, aggregation and reporting in HTML, PDF, XLS, XML and CSV.

Data Export. Export of collected log data to external systems in various forms - raw logs, form normalised or content normalised.

ALM Architecture

ALM is a software solution, providing significant advantages over hardware appliance based solutions. There is no need to install additional 'black box' appliances to support ALM, instead it can be implemented on existing systems within the IT infrastructure. Advantages over appliance solutions include lower cost, flexibility of implementation, scalability (the ALM Starter Pack allows small initial rollouts to be gradually scaled up to major enterprise implementations very easily) and extensibility, all important features for enterprise implementations.

ALM Log Sources

ALM's unique, flexible architecture uses Tcl plug-ins to allow collection of logs from almost any source and in an infinite number of log formats and types.

An SDK is available to allow even easier development of additional ALM plug-ins to support new log sources. Training is also available to allow partners and customers to develop ALM plug-ins.

A wide range of log sources is supported out of the box, including those listed below (note - this is just a sample list - please contact Assuria for the full list of supported log sources):

Click here to vew full list

System requirements

The system requirements indicated below are for Assuria Log Manager version 4.2 or later. They are subject to change.

A detailed sizing exercise may require details such as typical event size, typical log size, log collection frequency, O/S and hardware versions, application version details and other information. Assuria can provide sizing assistance, including a sizing modelling spreadsheet (available on request).

Contents:

Solutions

IT Security Best Practice

Protective Monitoring

Security Intelligence

Compliance

Forensic Audit Trail

Operational Stability

The threat from within

Virtualisation Security

Products

Accellion	Rapid 7	Becrypt	Boldon James	Imation	Live Ensure	WatchDox
Archival Satellite Automated Solution Deployment Options DLP - Satellite Enterprise Plug-ins Kitedrive Mobile Mobile Apps Secure Collaboration Secure File Transfer Solutions	Downloads Metasploit News NeXpose Health Check Metasploit Demo Strong Password	Adanced Port Control Connect Protect Disk Protect Enterprise Manager Media Client Removable Media Tablet Encryption Trusted Client	Email Classifier File Classifier Mobile Filter Office Classifier OWA Classifier Sharepoint Classifier	Biometric Hard Drive Defender Flash Drives defender Pivot Encrypted Hard Drive Ironkey Basic Ironkey Enterprise Ironkey Personal Optical Media Stealth Zone	Website Authentication App Authentication Identify Multi-Factor Authentication Fingerprint recognition SSO Authenticates Users	Enterprise Document Exchange Secure Investor Sharepoint Virtual Data Room ICO Fines Delete Data Mobile App Secure iphone Secure Blackberry Secure Android Secure Outlook Windows Plugin Secure Documents Sample Trial Videos Publisher

New Compliance			Sapior	Quipa	Assuria
Online Security Awareness Training Online Compliance Training E-learning Data Protection Training Information Security Awareness Training			Data Harvesting Privacy Audit Pseudonymisation	GCSx Loop News Quipa Loop	Auditor Auditor RA Log Manager Solutions