Securiment Application Monitoring
Introduction
Securiment Application Monitoring (SAM) is an application security monitoring service developed by Securiment to meet the security monitoring needs of custom applications. Within SAM, Securiment has developed the Custom Application Logging Standard (CALS) to create a unified approach to application logging. CALS uses a Common Event Format (CEF) logging schema to define the syntax of log records, which are composed of standard prefixes and variable extensions formatted as key-value pairs.
CEF enhances interoperability between event-generating devices such as Check Point and Palo Alto firewalls. With interoperability in mind, CALS offers standard event formats for the crucial events that custom applications need to generate to meet security compliance and security monitoring requirements.
Application Security Monitoring Architecture
Custom Application Log Standard
Custom Application Use Case Library
Problem Statement:
Integrating logs from hundreds of custom and vendor applications within SIEM is a significant challenge. We believe that the integration of security information and event management (SIEM) environments is a core problem because of the diverse formats used by each device vendor to report event information. Log standardization can be the solution to this problem.
Solution – Implement SAM
Securiment SCALS addresses the above problem by enabling efficient integration of applications into SIEM. To effectively monitor and maintain hundreds of applications through various configuration changes and upgrades, it is crucial to follow one logging standard across all applications. Log standardization is necessary for structured, straightforward, and time-efficient onboarding of applications for security monitoring; improved log quality and maintenance; better support for use case building and maintenance; a clear understanding for application owners; manageable expectations for service owners and information security officers; and enforcement of the Global Security Monitoring Policy developed by the GISO department.
The Securiment centralized monitoring service covers both generic and specific application use cases. To be monitored by generic use cases, applications should produce the necessary events and follow the standard, including mandatory fields such as the device host information for all events. Enforcing mandatory fields through the standard is essential for achieving the best quality and usefulness of the logs and alerts in Securiment CALS.
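A sketch of how such a standard can be checked at ingestion, added here as an illustration and not taken from Securiment's product: it parses a CEF record into its seven-field prefix and key-value extensions, then reports missing mandatory fields. The mandatory list (`dvchost`, the standard CEF key for device host name), the function names and the sample records are assumptions.

```python
import re

# Assumption: the page does not list CALS's mandatory fields; the standard CEF
# key "dvchost" (device host name) stands in for "device host information".
MANDATORY_EXTENSIONS = ("dvchost",)
HEADER_FIELDS = "version vendor product device_version event_class_id name severity".split()
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # start of each key=value pair

def _split_header(record):
    """Split the 7 pipe-delimited prefix fields; a backslash escapes | and itself."""
    fields, cur, i = [], [], 0
    while i < len(record) and len(fields) < 7:
        if record[i] == "\\" and record[i + 1:i + 2] in ("\\", "|"):
            i += 1                      # skip the escape, keep the escaped char
            cur.append(record[i])
        elif record[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(record[i])
        i += 1
    return fields, record[i:]           # remainder is the extension part

def _parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    matches, out = list(_KEY.finditer(ext)), {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return out

def validate_cef(line):
    """Return (event, problems); an empty problems list means the record passes."""
    start = line.find("CEF:")           # tolerate a syslog header before "CEF:"
    if start < 0:
        return None, ["no CEF: prefix"]
    fields, ext = _split_header(line[start + 4:])
    if len(fields) < 7:
        return None, ["incomplete header"]
    event = dict(zip(HEADER_FIELDS, fields), extensions=_parse_extension(ext))
    problems = ["empty header field: " + k for k in HEADER_FIELDS if not event[k].strip()]
    problems += ["missing mandatory extension: " + k
                 for k in MANDATORY_EXTENSIONS if not event["extensions"].get(k)]
    return event, problems

SAMPLES = [  # constructed sample records, not real logs
    r"CEF:0|ExampleCorp|PayrollApp|2.1|AUTH-001|Login failed|5|dvchost=app01.example.internal suser=alice msg=bad password for a\=b",
    r"CEF:0|ExampleCorp|PayrollApp|2.1|AUTH-002|Role \| group changed|7|suser=bob act=grant",
]
```

Calling `validate_cef` on each onboarding sample gives the application owner a concrete list of what to fix before the source is connected to the SIEM.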
For a demo or more information, contact Securiment.