CALM provides ‘single pane of glass’ visibility for all security and IT infrastructure related events taking place within an organisation. Organisations typically generate in excess of 2 million logs per IT user, which, without a SIEM, reside across multiple IT and security platforms. CALM enables organisations to centralise those logs and to process, enhance, visualise and generate alerts from the ingested information.
Once a log message is ingested and processed, the information it contains is parsed into searchable, indexed fields, which makes the log easier and faster to analyse. CALM provides a search interface that enables organisations to quickly interrogate and drill into logs from one or more devices within specified time windows. This enables fast troubleshooting and investigation of security incidents, thereby reducing response and remediation times.
Building on this advanced log management capability, CALM security rules can be defined that give organisations the ability to proactively identify threats and respond before any damage has occurred. The CALM log processing engine correlates events and enriches logs as they enter the platform. This gives organisations context for each log, such as the location of the activity, the user name, associated threats and the devices involved, which would otherwise have to be looked up manually.
With a native threat intelligence feed from CTC, CALM is updated with current threats every minute and all logs are analysed for Indicators of Compromise (IoCs). The IoC types identified by CALM include IP addresses, domains, URLs, filenames and file hashes. With CTC, CALM enables organisations to automatically and proactively identify threats, and the CTC cloud interface also provides a threat investigation capability for faster forensic investigations.
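The pipeline described above (parse a raw log line into indexed fields, enrich it with context, match its fields against an IoC feed, and correlate events into a rule-based alert) can be sketched in a few dozen lines. The following is an added example written for this page; it is not CALM's or CTC's code. The log format, the key=value field names, the threat feed contents, the enrichment tables and the "three failed logins in one minute" rule are all constructed assumptions for illustration.

```python
"""Added example: a minimal parse -> enrich -> IoC match -> correlate pipeline."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a key=value syslog style; every value is invented.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw01 action=allow src=203.0.113.7 dst=198.51.100.2 domain=example.org",
    "2024-03-01T10:00:05Z vpn01 action=login_failed user=alice src=203.0.113.7",
    "2024-03-01T10:00:09Z vpn01 action=login_failed user=alice src=203.0.113.7",
    "2024-03-01T10:00:14Z vpn01 action=login_failed user=alice src=203.0.113.7",
    "2024-03-01T10:00:20Z host22 action=file_exec user=bob filename=update.exe hash=0badc0de0badc0de",
    "2024-03-01T10:01:00Z fw01 action=allow src=192.0.2.10 dst=198.51.100.2 domain=bad.test",
    "this line is not in the expected format",
]

# Constructed stand-in for a threat-intelligence feed: indicator type -> known-bad values.
IOC_FEED = {
    "ip": {"192.0.2.10"},
    "domain": {"bad.test"},
    "url": set(),
    "filename": set(),
    "hash": {"0badc0de0badc0de"},
}

# Constructed enrichment tables standing in for a user directory and an IP/asset lookup.
USER_DIRECTORY = {"alice": "finance", "bob": "engineering"}
IP_LOCATION = {"203.0.113.7": "branch-office", "192.0.2.10": "unknown"}

# Which parsed field carries which indicator type (assumed field names).
FIELD_TO_IOC_TYPE = {"src": "ip", "dst": "ip", "domain": "domain", "url": "url",
                     "filename": "filename", "hash": "hash"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one raw line into a dict of searchable fields; return None if it cannot be parsed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    except ValueError:
        return None  # malformed timestamp: keep the pipeline running, drop the line
    event = {"ts": ts, "host": m.group("host"), "raw": line}
    event.update(KV_RE.findall(m.group("kv")))
    return event


def enrich(event):
    """Attach context an analyst would otherwise look up by hand (department, source location)."""
    if "user" in event:
        event["department"] = USER_DIRECTORY.get(event["user"], "unknown")
    if "src" in event:
        event["src_location"] = IP_LOCATION.get(event["src"], "unknown")
    return event


def match_iocs(event):
    """Return (indicator_type, value) for every field whose value appears in the feed."""
    hits = []
    for field, ioc_type in FIELD_TO_IOC_TYPE.items():
        value = event.get(field)
        if value is not None and value in IOC_FEED[ioc_type]:
            hits.append((ioc_type, value))
    return hits


def correlate_failed_logins(events, threshold=3, window=timedelta(minutes=1)):
    """Raise one alert per burst of `threshold` failed logins from one (user, src) within `window`."""
    by_key = defaultdict(list)
    for ev in events:
        if ev.get("action") == "login_failed" and "user" in ev and "src" in ev:
            by_key[(ev["user"], ev["src"])].append(ev["ts"])
    alerts = []
    for (user, src), stamps in by_key.items():
        recent = []
        for ts in sorted(stamps):
            recent.append(ts)
            recent = [t for t in recent if ts - t <= window]  # sliding window
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force", "user": user, "src": src,
                               "count": len(recent), "last_seen": ts})
                recent = []  # one burst produces one alert, not one per extra failure
    return alerts


def process(lines):
    """Run the whole pipeline and return indexed events plus IoC and correlation alerts."""
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    for ev in events:
        enrich(ev)
    ioc_alerts = []
    for ev in events:
        for ioc_type, value in match_iocs(ev):
            ioc_alerts.append({"rule": "ioc_match", "type": ioc_type, "value": value,
                               "host": ev["host"], "ts": ev["ts"]})
    return {"events": events, "ioc_alerts": ioc_alerts,
            "correlation_alerts": correlate_failed_logins(events)}


if __name__ == "__main__":
    result = process(SAMPLE_LOGS)
    for alert in result["ioc_alerts"] + result["correlation_alerts"]:
        print(alert)
```

Run as-is, the script drops the malformed line, enriches the remaining six events, raises three IoC alerts (one hash hit on host22, an IP hit and a domain hit on the same fw01 event) and one brute-force alert for the three failed logins by alice from 203.0.113.7. The enrichment step runs before matching and correlation so that every alert already carries the department and source location, which is the context the text describes as otherwise needing a manual lookup.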