Assuria Log Manager (ALM)

Assuria Log Manager (ALM) - Cloud Ready SIEM

ALM is a CESG CCTM Accredited Forensic SIEM/Log Management solution.

ALM is used by government agencies, major commercial organisations, local government departments and IT service providers to deliver IT security intelligence and visibility of system activity to the people who need it. ALM is used to support:

  • Security Operations Centres (SOC)
  • Protective Monitoring
  • Log Management
  • Analysis & Alerting
  • Security & Compliance Reporting
  • Forensic Readiness

Key Features

  • Enterprise Wide Log Collection. Secure and forensically sound collection of logs from almost any source into a central store.
  • Log Management. Enterprise wide automated management of logs, including log rotation.
  • Forensic Readiness. Logs are collected in a secure and forensically sound manner, retaining their original form and complete with relevant metadata, thus allowing repeated examination with new analysis rules and use of the logs by other applications and processes.
  • Automated Analysis. Collected logs are processed by a rules-driven analysis and anomaly detection engine. Flexible and extensible analysis rules allow ‘interesting’ events to be tagged and written to a database for further analysis and reporting.
  • Data Visualisation and Querying. ALM provides facilities to visualise, analyse and report on stored original log data, allowing unstructured ‘Google’ type searches on any item, providing rapid and effective interactive analysis and learning. Knowledge gained in this way can provide input to the generation of new automated analysis rules and reports.
  • Real-time Event Alerting. Configurable to specific log events, sent via Email and/or SNMP traps.
  • Log Data Export. Export of collected log data to external systems (including other SIEM solutions) in various forms - raw logs, form normalised or content normalised. Highly scalable - supports multiple exporters.
  • Reporting. Flexible analysis, correlation, aggregation and reporting in HTML, PDF, XLS, XML and CSV.
  • Agent Based Log Management. Ensures the security, continuity and integrity of all collected logs and allows alerting at the log source.
  • Digitally Signed. An RSA/SHA256 digital signature is calculated and the log digitally signed before transfer. Transfer is authenticated and encrypted using TLS.
  • Secure Storage. Log cataloguing, chain of custody records, archive creation and management. Archive to secure long term storage, complete with a digitally-signed manifest.
  • Scalable and Modular Architecture. Designed to support almost any sized IT environment up to thousands of log sources. Supports multiple collection points, with load balancing and resilience built-in.
  • Role Based Access Control. Privilege control is provided by built-in RBAC features. Multiple users can log into the ALM Console to manage security policies, agents, log collection policies, agent policies, and syslog forwarding, as well as to create archives, generate reports and many other processes.

Architecture

ALM is a software solution, providing significant advantages over hardware appliance based solutions. There is no need to install additional 'black box' appliances to support ALM; instead, it can be implemented on existing systems within the IT infrastructure. Advantages over appliance solutions include lower cost, flexibility of implementation, scalability (the ALM Starter Pack allows small initial rollouts to be gradually scaled up to major enterprise implementations very easily) and extensibility, all important features for enterprise implementations.

ALM Collection Architecture

The data flow diagram below illustrates the flexible and secure collection features within ALM, whereby collection of log files is undertaken using a variety of methods, including fully automated and secure resident agents through to various native collection processes for network devices, firewalls and other security appliances. ALM fully supports the use of one way enforcement devices.

ALM Processing Architecture

System Requirements

The system requirements indicated below are for Assuria Log Manager version 4.2 or later.

A detailed sizing exercise may be required in order to correctly size the ALM implementation. Details such as typical event size, typical log size, log collection frequency, O/S and hardware versions, application version details and other information may be required. Assuria can provide sizing assistance and a sizing modelling spreadsheet is available on request.

Typical installation scenario

An ALM installation usually consists of one or more core systems that manage and report on multiple agents. An installation can be as small as a single ALM agent installed on a single computer along with the core ALM components, or it can consist of multiple core systems managing agents, and other tools across several systems.

System Requirements (ALM Core)

The system requirements for installing the ALM Core on a computer, when evaluating the software or conducting a small-to-medium installation, are:

Requirement: Sizing Recommendation

Processor: 1 GHz Intel Pentium III or greater

Operating System:
  • Windows 7 (Server Edition)
  • Windows Server 2003 / R2
  • Windows Server 2008 / R2
  • Windows Server 2012 / R2

Memory: 512MB or greater

Hard disk space: Software installed 200MB

Database:
  • SQL Server 2005 (Express for small volumes)
  • SQL Server 2008 / R2

3rd Party s/w (not incl.): SQL Server Native Client (if ALM Core on separate system)

Other ALM components: The ALM console is installed with the ALM core

Software

Assuria is traditionally delivered as a software solution to sit on your preferred hardware platform or on a virtual server. Assuria software installs are highly scalable.

Appliance

Assuria offer a range of 'plug-and-play' appliances that are sized for your requirement. We offer 24x7 support on all software and hardware deployments and a range of licensing options that are flexible to meet our customers' requirements.

Cloud

Assuria can be provided as a managed service 'in the cloud', whether you require an in-premise installation and external management or a totally hosted solution.

SOC

Assuria provide key solutions for Protective Monitoring at Secure Operations Centres and offer a secure multi-tenant version for service providers to white label.