Log analysis

Security incidents may be detected from log entries using a default set of rules and individually configured policies. A dashboard for individual monitoring may also be created. In the event of a security incident, we also provide individual alerts and availability at selectable frequencies (immediate/weekly/monthly/quarterly) in accordance with the relevant regulatory requirements (General Data Protection Regulation, GDPR) or other market standards, in addition to the reporting function.

Our SOC service is based on a log analysis system, centrally installed, operated and managed by Invitech, which processes, normalises, categorises and securely stores incoming log events and network traffic data, while also making them searchable. Furthermore, the system attempts to identify and prioritise potential security incidents, separating these from the received elementary events using a built-in set of rules.

The main features of SOC are therefore continuous monitoring and the ability to intervene immediately. Our colleagues stay up to date regarding new IT security threats worldwide by obtaining information from international security services (CERTs), vendors and other sources of security news, as well as the official NIST/CVE database. This information is aggregated and then analysed for relevance for each client so that potential threats to client data may always be accurately identified. If the security level of a potentially compromised system is threatened, SOC experts will carry out a prompt impact and risk assessment to prepare the response, identifying the necessary steps and informing those responsible in the order of escalation and communication hierarchy.

Invitech provides this service using its own SIEM platform installed in its own data centre. Hence it is not necessary to install an SIEM system at the client's site.

Centrally installed, operated and managed by Invitech, our central log analysis service processes and categorises incoming log events and network traffic data while also making them searchable, and it provides for secure storage. Our SIEM (Security Information and Event Management) system also facilitates the correlation of data. As a result our Security Operation Centre (SOC) staff is not only able to proactively identify IT gaps and risks in the system but also perform preventive actions immediately. To ensure the integrity of the logs, a unique, encrypted fingerprint of log lines is preserved so that any subsequent intervention, modification or deletion may be detected and managed immediately. The confidentiality of logs is guaranteed by using client-specific settings separated at database level. If you want to control log analysis and alarm by yourself, encrypting data fields within log rows with a unique key is also facilitated. This way, the contents of log files will only be accessible for you and your authorised representatives.