NS One, Bâtiment Oslo - Les Fjords, 19, avenue de Norvège - ZA Courtaboeuf 1, 91140 Villebon sur Yvette - FRANCE. Tél. : +33 (0)1 69 59 12 00. Fax : +33 (0)1 69 59 12 05.
Today more than ever, the proliferation of security equipment, the growing volume of data exchanges and new regulations on the management of data or transactions require companies to put traceability measures in place, complementing their security equipment. The problem: how to process all of the generated logs effectively?
To facilitate the administration of the generated logs and to determine the degree of confidence in, and the reliability of, the security policy, it is essential to centralize the collected information in a single solution.
The LOG One solution
- Customizable approach
- Analysis in real time
- Evolving and automatic reports
- Modular architecture
- Powerful database
LOG One is a software solution for the centralization, analysis and correlation of logs from security equipment, networks and servers. It simplifies the work of administrators by centralizing the events coming from the various devices or applications.
The collected events are correlated in real time to produce relevant alarms and are recorded in parallel for later analysis. An expert system continuously studies the history of the collected events to supplement the real-time analysis with reports.
The solution covers the complete methodological cycle for the management of incidents: prevent, detect, confine, investigate, correct and document.
Information collection
The logs are collected by non-intrusive remote and local agents, installed in dedicated boxes next to the security equipment or directly on servers.
They are then transferred to a universal event collector, which retrieves them in standard formats (LEA, File, ODBC, Syslog, ...). Being non-intrusive, it adapts to each device and requires neither updates nor any particular configuration.
The solution supports daily collection volumes of several terabytes and databases of several hundred gigabytes, in order to keep an online history of the security logs over several months.
Gathering, filtering, correlation and storage
The LOG One solution includes the LOG Manager module. It provides:
- Filtering of all events considered useless.
- Correlation of events from several devices to trigger alarms and skeletal actions.
- Automatic generation of analysis reports and their transmission by e-mail.
- Emission of SNMP alarms for administration and supervision platforms.
- In-depth analysis (skeletal requests editor).
Development of detailed reports
LOG One assists security administrators in defining and generating reports, in order to simplify the implementation of a regular monitoring and alarm procedure adapted to the security policy of each company.
The defined reports are automatically distributed to the security administrators when alarms are triggered by prohibited behaviors or attacks.
LOG One provides views of the security state, according to the needs of the company.
A very complete page-layout and report presentation tool is also integrated. The reports, generated in PDF format, are sent by e-mail to the intended users.
The user interface
Organized by job function, it simplifies navigation and speeds up access to information. It is thus possible to provide application managers, IT managers and all non-experts with an information portal on the security state that is kept permanently up to date.
Real-time monitoring of the overall state of the log collection and analysis infrastructure, as well as of security, increases the level of control over the tool and facilitates decision-making.

LOG One analyzes the logs of the entire IT infrastructure: security equipment (firewalls, antivirus, etc.), measurement equipment (IDS probes), protected resources (servers, applications, etc.) and, if needed, all the end-user desktops available on the network.
Such logs can be admissible in a court of law. They are therefore saved 'as is' so that they can serve as proof in case of fraud or, more broadly, in case of a trial.
LOG One supports databases of several hundred gigabytes.






