24/7 Alarm Centre Services
Because the Internet and IT never sleep, certain security services must be monitored every hour, around the clock. Organizing such a process with internal resources is a challenge. Connecting IT security services to an alarm centre is a young but by now proven method, which has grown since the first trials around 1998. Some companies prefer to remain self-sufficient, but those who use outsourcing gain the advantage of maintaining a high, continuous level of competence, thanks to dedicated security experts and redundant alarm centres.

Secode ModularLOGic comprises four main modules:

  1. ModularLOGic Harvest
  2. ModularLOGic Harmonize
  3. ModularLOGic Analyze
  4. ModularLOGic Visualize

These modules interact with your staff and our 24/7 SOC as illustrated underneath:

[Figure: SIEM overview diagram showing the four ModularLOGic modules, the Customer's staff and the 24/7 SOC]

ModularLOGic Harvest

The Harvest phase contains the process of data acquisition from the different log sources, transmission of the data to the central storage unit, and secure storage of the raw data for possible future use in legal proceedings. In this phase, Secode prioritizes faultless collection, transmission and storage of the valuable raw data which forms the basis for all further processing. The Secode operators continuously monitor the data stream from collection through transfer. Alerts are triggered for immediate notification and corrective measures if a log source fails or reports faulty data. The raw data storage is treated as "sacred" and irreproachable. Consistent and uninterrupted logs from all sources are the main quality objective of the Harvest phase. Secode prioritizes keeping the data streams flowing uninterrupted through changing times and technologies, in order to ensure the consistency of the raw logs.

The Log Collectors are designed to collect an unlimited amount of log data from almost every log source in almost every format. The Log Collectors can be located close to the log source when required and are High Availability ready.

Particular consideration has been made to first store raw data in a central high-capacity storage solution, surrounded by strict security measures, as the initial step of the process. Subsequently, the work of recreating the course of events and preparing statistics is performed on copied data sets. Secode further emphasizes that all components except the GUI server are placed in the Customer's own data center(s), and that the system is 100% dedicated to the Customer.

Harvesting log data via:

  • Agents (Multi-OS)
  • Syslog
  • Proprietary formats
  • Custom based solutions

ModularLOGic Harmonize

The Harmonize phase consists of the process from secure storage of raw data to a harmonized and classified working copy, which is stored in the system's In memory and In storage sections. The log files go through a normalizing process into a common, indexable and searchable format, where among other things clock synchronization and preparation for analysis are performed. The data then pass through a classification scheme, which enables homogeneous correlation and presentation of information along a time axis, regardless of which log source the data was collected from. The main quality objective of this phase is efficient, uninterrupted and monitored preparation of the data sets. In parallel with log data harmonization, the first part of the analysis component, real time alerts, commences, as log data are searched for given criteria/key values.

All data is handled by Data Process Handlers (DPH). Storage to a SAN is a standard option.

Modules:

  • Normalization
  • Classification
  • Realtime Alerts
  • Statistics
  • Indexing

ModularLOGic Analyze

The Analyze phase consists of a mechanical analysis combined with the 24/7 manned service: different types of data processing using filtering and extraction techniques to isolate security incidents and defined IT-Operations activities are performed continually. During this part of the process, certain specific incidents will trigger real time alerts. Interesting findings, whether from real time alerts or from other indicators and nonconformities, are correlated in order to isolate the course of events using different forms of drill-down functionality, and presented along a time axis for further corrective measures. Searches for incidents In memory are part of the Analyze phase. The main quality objective is a professionally consistent and comprehensive search for security incidents, unwanted incidents/events and IT-Operations incidents.

Events input

  • Customer initiated requests
  • Classifications (signature based events & anomalies)
  • Statistics on anomalies
  • Realtime alerts (thresholds & key signatures)

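The Harmonize and Analyze phases described above, as an added example that is not Secode's code: a small Python harmonizer that normalizes constructed lines from two assumed log sources (fw01, syslog-style with a time zone; app02, a proprietary pipe-delimited format) into one common UTC-ordered working copy with a per-source clock correction, classifies each record, and runs a threshold real time alert rule over the result. The source names, formats, sample lines and the 30-second skew are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample raw lines from two hypothetical log sources (not real customer data).
RAW_LOGS = [
    ("fw01", "2024-03-01T10:00:05+0100 sshd: Failed password for root from 198.51.100.7"),
    ("fw01", "2024-03-01T10:00:09+0100 sshd: Failed password for root from 198.51.100.7"),
    ("app02", "01/03/2024 09:00:12|auth|FAIL|198.51.100.7|root"),
    ("app02", "01/03/2024 09:00:20|auth|OK|203.0.113.9|alice"),
]
# Clock correction per source, as measured during harmonization (assumed: app02 runs 30 s slow, logs UTC).
CLOCK_SKEW = {"fw01": timedelta(0), "app02": timedelta(seconds=30)}

SYSLOG_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def normalize(source, line):
    """Harmonize one raw line into the common record: UTC timestamp, source, class, src_ip, user."""
    if source == "fw01":
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z")  # tz-aware syslog stamp
        cls = "auth_failure" if m.group(2) == "Failed" else "auth_success"
        user, ip = m.group(3), m.group(4)
    elif source == "app02":
        stamp, _, result, ip, user = line.split("|")
        ts = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S").replace(tzinfo=timezone.utc)
        cls = "auth_failure" if result == "FAIL" else "auth_success"
    else:
        return None  # unknown format: would be raised to the collector health monitoring
    ts = ts.astimezone(timezone.utc) + CLOCK_SKEW[source]  # clock synchronization step
    return {"ts": ts, "source": source, "class": cls, "src_ip": ip, "user": user}

def harmonize(raw_logs):
    """Normalize every line and order the working copy along a single time axis."""
    records = [r for r in (normalize(s, l) for s, l in raw_logs) if r]
    return sorted(records, key=lambda r: r["ts"])

def realtime_alerts(records, threshold=3, window=timedelta(seconds=60)):
    """Threshold rule: N or more auth failures from one IP within the window, across all sources."""
    alerts, failures = [], defaultdict(list)
    for r in records:
        if r["class"] != "auth_failure":
            continue
        recent = [t for t in failures[r["src_ip"]] if r["ts"] - t <= window] + [r["ts"]]
        failures[r["src_ip"]] = recent
        if len(recent) == threshold:  # fire once, when the threshold is first crossed
            alerts.append((r["src_ip"], recent[0], r["ts"]))
    return alerts
```

Because the app02 failure only lands inside the 60-second window after the skew correction, the example also shows why clock synchronization precedes correlation.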
ModularLOGic Visualize

The Visualize phase consists of the representation of findings and results, producing specific graphical presentations in electronically editable format; and adaptation and production of periodic reports that are useful to the Customer's different stakeholders.

The main quality objective is presenting alerts and data in a manner that is easy to understand and communicate for the Customer's representatives. This also means that the agreed-upon reports are of a consistently high quality and service level, and are received at the right time by the correct recipient.

Visualization

  • Customer GUI access
  • Graphical presentations
  • Event time line visualizations
  • Incident reports
  • Status reports for events and log data control
  • Monthly summary reports

Outsourcing - Higher quality at lower cost

The challenge for IT departments and security managers today is to reduce costs while at the same time managing the increased security risks. In addition, there are external regulatory requirements that companies and organizations must comply with, as well as growing demands for insight into how employees use IT tools.

The goal is to reduce costs, maintain the service level and, if possible, raise the security level, while also supporting new services and tools. To meet these demands one cannot, as in the past, simply throw more hardware and resources at the problem, but is forced to think along different lines. The IT security field requires specialist competence that "ordinary" companies cannot afford to keep in-house, and in that case outsourcing can prove to be a cost-effective way of ensuring quality.

More information on outsourcing security is available in a White Paper at the link below.

PDF