
Incapsula Introduces Turnkey SIEM Integration

The second part of our enterprise-grade feature series is a new API package that provides turnkey integration with leading security information and event management (SIEM) systems, including HP ArcSight and McAfee Enterprise Security Manager.

This solution lets enterprises feed Incapsula security events into the SIEM they already operate, giving them a near real-time view of the security events Incapsula observes on their websites alongside the rest of their network telemetry.

SIEM 101

It is common for large enterprises to employ a multi-layered security mix that relies on a combination of disparate security technologies from different vendors. Managing such a diverse mix of technologies is rarely simple and often cumbersome.

SIEM solutions help manage these multiple technologies by offering a centralized environment where users can easily access and analyze security information from a large number of sources. SIEM enables operators to prioritize mitigation efforts based on the risk posed by each incoming threat, thus facilitating responses that are both data-driven and scalable.

Additionally, a SIEM helps enterprises meet the centralized log collection, retention and review requirements of security standards such as PCI DSS.

Incapsula SIEM Integration

The Incapsula SIEM integration gives enterprises access to their website security information from within their existing SIEM, without having to work in a separate Incapsula UI.

In addition to delivering all of the enterprise’s Incapsula security events to its existing SIEM, the solution interprets the raw data to highlight anomalies in traffic patterns.

Crucially, these anomalies can serve as early warnings of a larger attack: perpetrators frequently run small attacks before launching the main assault, simply to see how the target responds to different attack vectors.

Our SIEM integration exposes these kinds of “pre-attacks”, giving enterprises a decisive head start in mitigating DDoS attacks and other security events.

Incapsula SIEM Integration

As illustrated above, Incapsula’s SIEM integration has three major components:

  • An expanded API
  • An API connector
  • A predefined package installed as a SIEM add-on

New API

The expanded Incapsula API includes the following:

  1. Support for CEF (ArcSight Common Event Format) and the W3C extended log format
  2. Near real-time event reporting
  3. In-depth event information (e.g., attacker geolocation down to city level)
  4. MSSP support – central aggregation of events for all of an MSSP’s customers
  5. Complete, granular data – without any suppression

API Connector

Incapsula provides an API connector that resides on your network and serves as the link between the new API and your existing SIEM. The connector automatically issues API calls to Incapsula (it pulls events from Incapsula rather than Incapsula pushing into your network) and forwards everything it receives to your SIEM. Since it holds your Incapsula API credentials and writes into the SIEM, treat the host it runs on as a sensitive asset and restrict its access and connectivity to what the connector needs.

Predefined Packages

To give you a higher degree of control over the API-provided information, we have developed predefined packages tailored to HP ArcSight and McAfee Enterprise Security Manager users.

Each tailor-made package offers:

  • Predefined rules that correlate security events, while highlighting threats that require immediate attention
  • Custom reports for in-depth analysis, helping you proactively identify emerging attack trends
  • An optimized dashboard that offers a snapshot of the threat landscape
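To make the CEF support in the new API and the correlation rules in the SIEM packages concrete, here is an added example (not Incapsula’s connector code or the contents of its ArcSight or McAfee packages). It parses CEF lines the way a SIEM ingest stage would, handling the escape rules of the format (`\|` in header fields, `\=` and `\\` in extension values), and then runs one constructed correlation rule of the “pre-attack” kind described earlier: a source that triggers several distinct signatures within a short window is flagged for attention. The vendor, product, signature IDs, extension keys, window and threshold in the sample feed are all assumptions made for illustration, not Incapsula’s real event schema or rule set.

```python
"""Parse CEF lines and run a simple correlation rule over them.

Added example for this post, not Incapsula's connector or SIEM package code.
The CEF syntax follows the ArcSight Common Event Format; every value in the
sample feed (vendor, product, signature IDs, extension keys) is constructed
for illustration and is NOT Incapsula's real event schema.
"""
import re
from collections import defaultdict

# The seven pipe-delimited CEF header fields, in order; the extension follows.
CEF_HEADER = ("version", "device_vendor", "device_product", "device_version",
              "signature_id", "name", "severity")

# Constructed sample feed: one source probing three different vectors within a
# minute (the "pre-attack" pattern), and a second source with a single hit.
SAMPLE_CEF = [
    r"CEF:0|Incapsula|SIEMintegration|1|1|Illegal Resource Access|3|rt=1400000000000 src=203.0.113.7 requestMethod=GET request=/wp-admin/ cs1=Alert cs1Label=Action",
    r"CEF:0|Incapsula|SIEMintegration|1|2|SQL Injection|5|rt=1400000012000 src=203.0.113.7 requestMethod=GET request=/item?id\=1' OR 1\=1 cs1=Block cs1Label=Action",
    r"CEF:0|Incapsula|SIEMintegration|1|3|Cross Site Scripting (XSS) \| reflected|5|rt=1400000031000 src=203.0.113.7 requestMethod=POST request=/search msg=payload with backslash \\ inside cs1=Block cs1Label=Action",
    r"CEF:0|Incapsula|SIEMintegration|1|1|Illegal Resource Access|3|rt=1400000040000 src=198.51.100.9 requestMethod=GET request=/.git/config cs1=Alert cs1Label=Action",
]

# Extension is "key=value key=value ..."; values may contain spaces but never an
# unescaped "=", so a value ends just before the next " key=" or at end of line.
_EXT_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=((?:\\.|[^\\=])*?)(?=\s[A-Za-z0-9_.]+=|$)")


def _split_header(line):
    """Split the 7 header fields; in the header '\\|' and '\\\\' are escapes.
    Returns (header_fields, raw_extension) with the extension left unescaped."""
    fields, cur, i, n = [], [], 0, len(line)
    while i < n and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < n:       # escaped character: keep it literally
            cur.append(line[i + 1])
            i += 2
        elif c == "|":                    # unescaped pipe ends a header field
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header: %r" % line)
    return fields, line[i:]


def _unescape(value):
    """Undo extension escapes: '\\\\' -> '\\', '\\=' -> '=', '\\n'/'\\r' -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Parse one CEF line into a dict of header fields plus an 'extension' dict."""
    header, ext = _split_header(line.strip())
    event = dict(zip(CEF_HEADER, header))
    if not event["version"].startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line)
    event["version"] = event["version"][len("CEF:"):]
    event["extension"] = {k: _unescape(v) for k, v in _EXT_RE.findall(ext)}
    return event


def probing_sources(events, window_ms=60_000, min_signatures=3):
    """Constructed correlation rule: flag a source IP that triggers at least
    min_signatures distinct signature IDs inside any window_ms-long window.
    Window and threshold are illustrative; a real SIEM rule would be tuned."""
    by_src = defaultdict(list)
    for ev in events:
        ext = ev["extension"]
        if "src" in ext and "rt" in ext:          # rt is epoch milliseconds in CEF
            by_src[ext["src"]].append((int(ext["rt"]), ev["signature_id"]))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):        # slide the window over each start time
            sigs = {sig for t, sig in hits[i:] if t - t0 <= window_ms}
            if len(sigs) >= min_signatures:
                flagged[src] = sorted(sigs)
                break
    return flagged


if __name__ == "__main__":
    parsed = [parse_cef(line) for line in SAMPLE_CEF]
    for src, sigs in probing_sources(parsed).items():
        print("possible pre-attack probing from %s: signature IDs %s" % (src, sigs))
```

The header splitter keeps the extension raw on purpose: unescaping it before splitting on `=` would turn the escaped `\=` inside the injected `request` value into a field separator and corrupt the event. Running the block flags only 203.0.113.7, whose three distinct signatures fall within 31 seconds, while the single hit from 198.51.100.9 is reported as an ordinary event.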

Going forward, we are committed to providing timely updates to ensure that each SIEM package stays in accordance with the latest industry standards.

Second of Three Major Updates

Our SIEM integration is the second of three major enterprise service updates that we’re announcing today. The other two are:

  1. New dashboard that monitors network layer DDoS attacks
  2. Infrastructure Protection for individual IP addresses

The theme of this coordinated service upgrade is enabling you to use the Incapsula system in new ways – and to do so from within your existing security solutions and workflows.

For more information about this new feature, or to sign up for the early availability program for the SIEM integration feature, contact us through the sign-up form and include ‘SIEM integration Early Availability Program’ in the comments field.