The second part of our enterprise-grade feature series is a new API package that provides turnkey SIEM integration with leading security information and event management (SIEM) systems, including HP ArcSight and McAfee Enterprise Security Manager.
This solution enables enterprises to effortlessly assimilate Incapsula security information into their SIEM systems, allowing them a near real-time snapshot of all important security-related information and events within their network.
It is common for large enterprises to employ a multi-layered security mix that relies on a combination of disparate security technologies from different vendors. Managing such a diverse mix of technologies is rarely simple and often cumbersome.
SIEM solutions help manage these multiple technologies by offering a centralized environment where users can easily access and analyze security information from a large number of sources. SIEM enables operators to prioritize mitigation efforts based on the risk posed by each incoming threat, thus facilitating responses that are both data-driven and scalable.
Additionally, by employing a SIEM solution, enterprises are able to comply with security standards, such as PCI DSS.
Incapsula SIEM Integration
The Incapsula SIEM integration solution will allow enterprises access to their website security information without needing to interface with a separate UI.
In addition to providing all of the enterprise’s security information on its existing SIEM, the solution also interprets raw data to highlight anomalies in traffic patterns.
Crucially, these anomalies can be used as early warnings of a larger attack, as perpetrators frequently execute minor attacks before launching the main assault–just to see how the target responds to different attack vectors.
Our SIEM integration exposes these kinds of “pre-attacks”, providing enterprises a decisive head start in preventing DDoS attacks and other security events.
As illustrated above, Incapsula’s SIEM integration has three major components:
- An expanded API
- An API connector
- A predefined package installed as a SIEM add-on
The expanded Incapsula API includes the following:
- Support for CEF and W3C formats
- Near real-time event reporting
- In-depth event information (e.g., attacker geo-location down to city-level)
- MSSP support – central aggregation of events for all MSSP customers
- Complete granular data – without any suppression
Incapsula provides an API connector that resides on your network, serving as a link between our new API and your existing SIEM. The API connector automatically issues API calls to Incapsula and pushes all received information to your SIEM solution.
To offer you a higher degree of control over API-provided information, we have specifically developed predefined packages to meet the needs of HP ArcSight and McAfee Enterprise Security Manager users.
Each tailor-made package offers:
- Predefined rules that correlate security events, while highlighting threats that require immediate attention
- Custom reports for in-depth analysis, helping you proactively identify emerging attack trends
- An optimized dashboard that offers a snapshot of the threat landscape
Going forward, we are committed to providing timely updates to ensure that each SIEM package is in accordance with the latest industry standards
Second of Three Major Updates
Our SIEM integration is the second of three major enterprise service updates that we’re announcing today. The other two are:
- New dashboard that monitors network layer DDoS attacks
- Infrastructure Protection for individual IP addresses
The theme of this coordinated service upgrade is about enabling you to use the Incapsula system in new ways – and to do so from within your existing security solutions and workflows.
For more information about this new feature, or to sign up to be a part of our early availability program for the SIEM integration feature click here and include ‘SIEM integration Early Availability Program’ in the comments field.