Log360, the complete network security and public cloud auditing tool
Log collection methods
Log360 supports collection and analysis of any log data that exists in a readable format. It supports both agentless and agent-based log collection mechanisms. With its universal log parsing and indexing (ULPI) technology, the solution also parses and analyzes logs from in-house applications. Logs are collected from:
- Network devices such as routers, switches, firewalls, and IDS or IPS.
- Applications such as IIS and Apache web servers, Oracle, MS SQL, DHCP, Windows and Linux applications, vulnerability scanners such as Qualys, Nessus, and OpenVAS, threat intelligence and security solutions such as Symantec DLP, FireEye, and Symantec Endpoint Protection, and more.
- File servers such as Windows file servers, NetApp filers, EMC file servers, and file clusters.
- Domain controllers, Windows workstations, and member servers.
- Public cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure.
Log360 is recognized in the 2016 Gartner Magic Quadrant for SIEM.
Log360 helps you remain 100 percent compliant with regulatory mandates in the following ways:
- Provides out-of-the-box reports for compliance mandates and real-time alerts upon any compliance violation.
- Gives you the flexibility to modify the existing compliance reports to meet your internal security policy needs and to create custom compliance reports for anything else.
- Lets you monitor privileged user activities, group membership modifications, security policy changes, critical changes to confidential data, permission changes, and more.
- Supports secured log archival for a custom time period to meet compliance requirements. The solution also allows you to load the audit data back into the database and conduct forensic analysis over the archived log files.
Log360 ensures the security of confidential data by continuously monitoring it and providing an extensive audit trail for both internal and external data breaches. With the file integrity monitoring (FIM) feature, you can:
- Track critical file and folder changes such as file creation, modification, and deletion.
- Receive instant email or SMS alerts for critical changes to your confidential data.
- Keep an eye on the complete user audit trail. Learn who accessed your confidential data, when it was accessed, and from where.
Internal threat mitigation
With Log360, you can monitor privileged user activities on critical servers. Get real-time alerts for any unauthorized access or abnormal user behavior.
- Monitor user logon activities for domain controllers and critical Windows, Linux, and UNIX servers with predefined reports and alerts.
- Detect unauthorized logon attempts.
- Spot users who connect to domain controllers or workstations through a terminal services session or VPN access.
- View privileged users' complete session activity.
- Get detailed logon failure and success reports. For Windows workstations and critical servers, make sure you know why logons fail.
- Instantly see who changed your firewall rules, settings, and GPO configuration.
Combat external attacks
Log360 helps protect your network from external security breaches. Detect network intrusions as soon as possible by analyzing log data from perimeter network devices, vulnerability scanners, and unified threat management solutions. The solution collects and analyzes log information from threat intelligence solutions such as FireEye and Symantec Endpoint Protection and provides reports that help security admins contain attacks. With Log360's analysis capability, you can:
- Find and fix security loopholes with out-of-the-box reports on Top Vulnerable Ports, Protocols, Hosts, Exploitable Vulnerabilities, Services, Top CVSS Score by Count, and more.
- Get detailed information about top malware attacks, targeted IPs and ports, severities, source IPs, active sensors, and much more to anticipate the flow of external security attacks.
- Ensure that your confidential data is secured by continuously monitoring log data from data loss prevention (DLP) applications such as Symantec DLP. Out-of-the-box reports give information on top senders, recipients, protocols used, target data, data owners, and more in an intuitive graphical format.
Log360 supports forensic analysis over the collected logs. It has a powerful but easy-to-use search engine that helps you find the root cause of security breach attempts.
- Log360's search engine supports options such as Boolean search, range search, group search, wildcard search, and more, to find the exact log entry that pinpoints the attack attempt.
- Search results can be saved as a report or as alert criteria to catch future attack attempts.
- Supports secured log archival. At any point in time, you can load the archived log data back into the database to perform forensic analysis.