Keyur Desai, Essar Ports and Shipping
Sep 07th 2016

Digital Innovation Strategy

The solution implemented across Essar's IT was set up to analyse security event data in real time for internal and external threat management. It collects, stores, analyses and reports log data for incident response, forensics and regulatory compliance. The solution has been deployed over multiple appliances, providing flexibility and scalability for current and future needs.

The solution comprises an event receiver, log manager, security manager, data monitor, event monitor, threat intelligence, correlation engine, and threat intelligence exchange (TIE) with Anti Threat Detection (ATD) and an Active Response (AR) mechanism. It is a distributed architecture with log collectors at critical locations connected over an MPLS cloud. Over time, various use cases have been configured as correlation rules that raise real-time alerts and produce daily reports to identify and detect abnormalities.

Integration with the various event and log sources works as an orchestration layer: when an event matches one of the configured rules, the platform raises an actionable alert on the anomaly. These actionable alerts help move from detection mode to prevention mode. The reporting dashboards also give complete visibility of the overall IT landscape, covering IT infrastructure components, security solutions, and applications together with their databases. This has helped to improve governance and close the remaining gaps.
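The two preceding paragraphs describe correlation rules that turn log lines from distributed collectors into actionable alerts. As an added illustration (not code from Essar's deployment or from the SIEM product in use), the following Python sketch shows the shape of one such rule: events from several collector sites are parsed, ordered by timestamp, and a rule fires an alert when a burst of failed logins from one source is followed by a successful login from the same source. The log format, site names, IP addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical collector format:
# "<timestamp> <site> sshd: <Failed|Accepted> password for <user> from <src>".
# The lines are deliberately not in time order, as events forwarded from
# collectors at different sites may arrive out of sequence.
SAMPLE_LOGS = [
    "2016-09-07 10:00:01 port-a sshd: Failed password for admin from 203.0.113.7",
    "2016-09-07 10:00:04 port-a sshd: Failed password for admin from 203.0.113.7",
    "2016-09-07 10:00:15 port-a sshd: Failed password for admin from 203.0.113.7",
    "2016-09-07 10:00:22 port-a sshd: Failed password for admin from 203.0.113.7",
    "2016-09-07 10:00:40 port-a sshd: Accepted password for admin from 203.0.113.7",
    "2016-09-07 10:01:10 port-b sshd: Failed password for ops from 198.51.100.9",
    "2016-09-07 10:01:12 port-b sshd: Accepted password for ops from 198.51.100.9",
    "this line is not a login event and is ignored by the parser",
    # Late-arriving event from a second site, same source address as above.
    "2016-09-07 10:00:09 port-b sshd: Failed password for root from 203.0.113.7",
]

LOG_PATTERN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<site>\S+) sshd: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse_event(line):
    """Normalise one raw log line into an event dict; return None if it does not match."""
    m = LOG_PATTERN.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


class FailedThenSuccessRule:
    """Correlation rule: at least `threshold` failed logins from one source address
    within `window`, followed by an accepted login from that same source."""

    name = "failed-logins-then-success"

    def __init__(self, threshold=5, window=timedelta(minutes=2)):
        self.threshold = threshold
        self.window = window
        # Per-source sliding window of (timestamp, site) for recent failures.
        self.failures = defaultdict(deque)

    def evaluate(self, ev):
        q = self.failures[ev["src"]]
        # Expire failures that fall outside the correlation window.
        while q and ev["ts"] - q[0][0] > self.window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append((ev["ts"], ev["site"]))
            return None
        # Accepted login: fire only if enough failures preceded it.
        if len(q) >= self.threshold:
            alert = {
                "rule": self.name,
                "ts": ev["ts"].isoformat(),
                "src": ev["src"],
                "user": ev["user"],
                "failed_attempts": len(q),
                "sites": sorted({site for _, site in q}),
            }
            q.clear()  # reset so the same burst is not reported twice
            return alert
        return None


def correlate(lines, rules):
    """Parse raw lines, order them by time, run every rule, and return the alerts raised."""
    events = [e for e in (parse_event(line) for line in lines) if e]
    events.sort(key=lambda e: e["ts"])
    alerts = []
    for ev in events:
        for rule in rules:
            alert = rule.evaluate(ev)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, [FailedThenSuccessRule()]):
        print(alert)
```

Sorting by timestamp before evaluation is what lets the rule count the failure seen at site port-b alongside those at port-a; without that step a late-arriving event would be evaluated after the successful login and the burst would be under-counted. The single ops login with one prior failure stays below the threshold and produces no alert, which is the kind of tuning that keeps daily reports actionable rather than noisy.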