
Security Information and Event Management (SIEM)

Processes and tools that help address ongoing and increasing security monitoring needs.

 
 


Overview

A Security Information and Event Management System (SIEM) helps organizations and their security professionals identify and promptly respond to threats, demonstrate compliance with regulatory requirements, and perform sophisticated forensics.

This service includes a log management appliance that collects and manages logs from selected systems, as well as an event monitoring system that correlates events for incident response and reports on compliance.  The system sends automated alerts and reports to requestors. 

Although part of a broad-reaching enterprise system, individual customers log into segregated areas and monitor according to an organization's requirements.

Services offered include log management, event correlation, start-up assistance, modification and customized report generation.

 
 

Features & Benefits

Features

  • Management of security event logs and repository.
  • Correlation of security events from different log sources.
  • Generation of needed reports and logs for compliance reporting.
  • Assistance with the profiling of assets and known vulnerabilities.

Benefits

  • Streamline handling of security incident information in the security incident response process.
  • Near-real-time notification of security events.
  • Relevant state computer systems are continuously monitored for adverse information security events.
  • Better situational awareness that recognizes and prevents unwanted behavior on the network or computer system.
 
 

Getting Started

This service is provided to the executive branch.  For more information about using this service, contact your Account Manager.

Contact your Account Manager    Visit the MN.IT Mall for more information

 
 


Enterprise Information Security Monitoring (EISM)

Responsible for gaining situational awareness through continuous monitoring of networks and other IT assets for signs of attack, anomalies, and inappropriate activities.

 
 


Overview

Enterprise Information Security Monitoring (EISM) is responsible for gaining situational awareness through continuous monitoring of networks and other IT assets for signs of attack, anomalies, and inappropriate activities.

Security Information Event Management (SIEM) and Intrusion Detection Prevention (IDP) are the centrally managed components of the EISM service.  This service is offered to executive branch agencies, customers of the state’s consolidated datacenters, counties and cities with critical infrastructure to improve the situational awareness within the state.

Situational Awareness is an expensive and difficult service to deploy in a highly distributed environment and at the customer level.  Service consolidation makes this financially possible for all consolidated customers.

 
 

Features & Benefits

 

Improved Security Profile and Compliance ensures better security through uniform and repeatable processes. It is difficult to develop and enforce good situational awareness at the agency level. This system along with management processes will improve the state security profile.  This will meet compliance goals and reduce audit expenses.

Economy of Scale/Quality of Service reduces costs to develop new government systems by leveraging a centralized solution. With a centralized utility system, MN.IT Services can allocate the resources necessary to manage the system. Keeping the technical expertise is difficult and expensive since these are often part-time positions. Centralizing provides an obvious improvement to the situation.

Improved Cyber Attack Capability provides an enterprise view where attacks may use information from one application to attack another agency.  EISM central monitoring will provide:

  • Reduced time and costs to investigate security incidents.  Security professionals focused and knowledgeable about the enterprise can quickly correlate information.
  • Improved security incident communication across the enterprise.  The centralized service communicates attacks to other agencies so you are aware of the enterprise security profile.
  • Consistent and robust security monitoring capabilities across all agencies, including those with limited resources.  It is cost effective for smaller agencies to purchase a monitoring service specific to their requirements.
  • Enhanced availability and performance awareness for all government computer systems.
  • Improved ability to fulfill regulatory and compliance requirements.  This service and related policies and standards are designed to meet customer compliance requirements.
  • Security events are automatically identified and investigated giving the customer the ability to make educated risk decisions.
  • This service gives the customer the ability to focus on their business and not on security.
  • Provided as a utility service capable of delivering standardized, scalable IT functions that do not require the customer to assume any operations responsibility.
 
 

Getting Started

Is your organization planning to:

  • Migrate to a consolidated data center?
  • Become compliant with regulations regarding situational awareness?

Contact your Account Manager    Visit the MN.IT Mall for more information