Security Information and Event Management (SIEM) Policy

By adhering to this policy, Eververse ensures that real-time correlation, monitoring, and analysis are continuously in place to detect and respond to potential security threats, safeguarding the platform and customer data.

1. Purpose

The purpose of this Security Information and Event Management (SIEM) Policy is to define how Eververse collects, correlates, and analyzes log data from critical systems in real-time. This policy ensures that Eververse can detect and respond to potential security threats or unauthorized access by continuously monitoring sensitive network devices, servers, applications, and databases.

2. Scope

This policy applies to all systems and services used by Eververse, including hosting infrastructure, databases, log management tools, and any other sensitive network devices, applications, or cloud services that process or store sensitive data.

The policy applies to all employees, contractors, and third-party service providers with access to Eververse's systems.

3. SIEM Implementation

Eververse employs a Security Information and Event Management (SIEM) approach that integrates with existing monitoring tools to provide real-time log correlation, analysis, and alerting. This system helps detect potential security incidents, performance issues, and policy violations.

3.1 Real-Time Log Collection

Eververse collects log feeds from the following sources:

  • Network Devices: Firewalls, Web Application Firewalls (WAF), and load balancers log network traffic and security events.
  • Servers and Applications: Our hosting provider hosts application logs for the Eververse platform, capturing events such as access attempts, system errors, and traffic anomalies.
  • Databases: Our database provider offers detailed logs of database queries and changes, ensuring all sensitive data transactions are tracked.
  • Monitoring Tools: Our log drain provider offers real-time monitoring and alerting on application health, uptime, and abnormal behavior.

3.2 Log Aggregation and Centralization

  • All relevant logs are aggregated into a centralized SIEM system using our log drain provider. This centralization allows for unified monitoring, making it easier to detect and correlate events across multiple systems and services.
  • Logs are collected continuously and transmitted to the SIEM system with minimal latency, ensuring that any security events are captured as they occur.

3.3 Real-Time Correlation and Analysis

  • Correlation Rules: Eververse configures correlation rules in the SIEM system to automatically detect patterns of suspicious activity. These may include multiple failed login attempts, unusual IP addresses accessing the database, or a spike in network traffic.
  • Anomaly Detection: Our log drain provider’s anomaly detection is integrated with the SIEM system to highlight deviations from normal behavior in system performance, application logs, or user activity.

3.4 Security Event Alerts

  • Real-Time Alerts: The SIEM system generates real-time alerts based on predefined security rules and anomaly detection patterns. These alerts are sent to the Incident Response Team (IRT) via Slack or email, allowing for immediate investigation.
  • Custom Alerts: The security team can customize alerts to monitor specific types of activities, such as access to restricted areas, unauthorized changes to the database, or application vulnerabilities.
  • Prioritization: Alerts are prioritized based on severity, allowing the team to focus on critical issues that pose the highest risk to Eververse's operations and data.

4. Monitoring and Response

4.1 Continuous Monitoring

  • Eververse maintains 24/7 continuous monitoring of all systems integrated into the SIEM. This ensures that any security event, system failure, or performance issue is detected and acted upon without delay.
  • Monitoring covers network traffic, application performance, database queries, and access logs, enabling comprehensive visibility into Eververse's environment.

4.2 Incident Response

  • Incident Investigation: When an alert is triggered, the Incident Response Team (IRT) will investigate the cause of the alert. This involves reviewing logs, performing root cause analysis, and correlating events across the network and database systems.
  • Remediation: If a security event is confirmed, the IRT will follow the Incident Response Plan to contain, mitigate, and recover from the incident.
  • Post-Incident Review: Following any significant security event, a post-incident review will be conducted to identify lessons learned and ensure improvements to the SIEM system.

5. Log Retention and Security

  • Log Retention: All log data will be retained for a minimum of 12 months, or as required by legal, regulatory, or business needs. This ensures that sufficient historical data is available for analysis, audits, and incident investigations.
  • Data Encryption: Logs transmitted and stored in the SIEM system are encrypted to protect the integrity and confidentiality of the data.
  • Access Control: Access to the SIEM system is restricted to authorized personnel only, using Role-Based Access Control (RBAC) to ensure that logs and alerts are accessible only to those who need them.

6. Regular Audits and Testing

  • SIEM Audits: Regular audits of the SIEM system will be performed to ensure that all critical systems are being monitored, logs are being collected, and correlation rules are effective in detecting potential threats.
  • Penetration Testing: Annual penetration testing will be conducted to assess the SIEM system’s ability to detect and respond to threats. This helps identify weaknesses in event correlation, alerting, and response capabilities.

7. Responsibilities

  • Chief Information Security Officer (CISO): Oversees the SIEM system implementation, monitoring, and alerting processes.
  • IT and Security Teams: Responsible for managing the SIEM system, configuring correlation rules, and responding to alerts.
  • Incident Response Team (IRT): Investigates security incidents and takes corrective actions based on SIEM alerts.

8. Policy Review and Updates

This SIEM policy will be reviewed annually or whenever there are significant changes to Eververse’s infrastructure, security posture, or business requirements. Updates will be made as needed to ensure the ongoing effectiveness of the SIEM system.

9. Contact Information

For any questions or clarifications regarding this SIEM Policy, please contact us.
