SECURITY INFORMATION AND EVENT MANAGEMENT

Security information and event management (SIEM) software gives enterprise security professionals both insight into and a track record of the activities within their IT environment.

SIEM technology has been in existence for more than a decade, initially evolving from the log management discipline. It combined security event management (SEM) – which analyzes log and event data in real time to provide threat monitoring, event correlation and incident response – with security information management (SIM), which collects, analyzes and reports on log data.

OUR TECHNOLOGY

Venusense USM is built around IT assets and focuses on applications and business systems. It can serve as a centralized supporting platform for network monitoring, security audit, measurement and routine maintenance.

The Venustech SIEM solution is composed of various components under the Venusense Unified Security Management (USM) product, which includes modules for Security Analytics (SA), Network Behavior Analysis (NBA), Configuration Verification System (CVS) and Business Security Management (BSM). Venusense SA provides log collection, normalization and storage, and an analytics engine for threat detection and compliance use cases. It is based on a big data platform, with both Hadoop and Elasticsearch options available, that enables ML analytics in addition to standard correlation-based detection. The solution can be deployed via software, or as a virtual or physical appliance.

 

Technology Features

Flexible and Powerful Situational Awareness

Building on detailed log normalization, classification technology and a distributed non-relational big data database, Venusense USM provides full-text indexing of both formatted data and original logs. Combined with distributed processing, it provides policy-based security event analysis, interactive queries through visual dashboards, and a powerful hybrid search capability with a variety of log analysis technologies.

Smart Flow Security Analysis

Venusense USM establishes flow behavior profiling to identify asset attributes and supports business flow anomaly detection and compliance checks. By capturing, generating and intelligently analyzing business network traffic information, it achieves cross-analysis and traceability of flows and security events.

Comprehensive Vulnerability Management and Risk Assessment

Venusense USM links efficiently and in real time with a variety of vulnerability scanning systems and supports comprehensive vulnerability control through built-in configuration verification. It implements a quantitative risk assessment based on risk matrices, with reference to international standards.

Business-Based Security Management

Venusense USM provides a built-in business-oriented modeling tool that helps construct a business topology and create a business health index. The index evaluates the health state of the business in terms of performance, availability, vulnerability and threat, helping users analyze business availability, business security events and business alerts.

Intelligent Correlation Analysis

With its advanced intelligent correlation analysis engine, Venusense USM can correlate all structured log flows continuously and in real time. It provides three event correlation analysis methods: rule-based, context-based and behavior-based association analysis. It also provides rich, clear visualizations of security events, which greatly improves the efficiency of analysis.
