RSEM Functionality
RSEM is a unique event management system that is built to identify attacks in real time. The RSEM platform utilises highly sophisticated correlation logic to detect an attack that is concealed in various forms and patterns. RSEM's correlation module works on various levels to achieve this coherence in attack mitigation. This correlation module is a part of the threat management system of the RSEM module.
Following are the correlation levels of RSEM:
Multi level correlation module
RSEM correlates logs obtained from multiple NAGs, multiple IDS/IPS, firewalls, and other assets and devices that give information about multiple nodes of the organization. These logs are collected in the log collectors where RSEM is deployed. Logs from different devices, residing in one or more log collectors, are correlated with the information available in the CNAM engine and with the global security intelligence feeds that the CNAM engine provides, and RSEM identifies any and all attack patterns to secure the organization's network.
Multi site correlation module
The multi site correlation feature enables an organization to collaborate and correlate the logs from the multiple sites where it functions, and thus ensures congruence and intelligence sharing among those sites. An attack detected at one site is thus automatically prevented at the organization's other sites. RSEM correlates logs from different sites with the information available in the CSIEM engine and with the global security intelligence feeds that the CSIEM engine provides, and identifies any and all attack patterns to secure the organization's network.
Multi group correlation module
RSEM also supports correlation between groups of organizations, which in turn is constituted of multi level and multi site correlation. It collaborates and correlates logs from multiple organizations with the information available in the CNAM engine and the global security intelligence feeds that the CSIEM engine provides, and identifies any and all attack patterns to secure the organizations' networks.
Besides the existing levels of correlation, RSEM also performs multi CNAM correlation, which enables organisations to prevent sharing their information with other organisations while still facilitating the utilisation of all the information from them. Netmonastery provides independent CNAM engines for such organisations.
RSEM also utilises the global intelligence feeds that are constantly updated in its CNAM engine.


