Review: Seceon soups up standard SIEM

The Open Threat Management Platform essentially acts as both an SIEM and a frontline security appliance. Thrifty firms may want to consider eliminating some of their other cybersecurity programs if they duplicate what the OTM is doing, especially if the OTM is consistently catching what they miss.


Security Information and Event Management (SIEM) systems have become cornerstones of most cybersecurity deployments, especially in larger environments where many disparate programs need somewhere to report alerts. Rather than tasking security analysts to watch over dozens of programs, the idea is to have them all report to a central, constantly monitored location.

The problem with standard SIEMs is twofold. First, on their own, they don’t do very much good. Some advanced platforms have their own monitoring abilities, but most simply collect information from whatever else is defending the network. Second, on the other end of the spectrum are organizations that have invested in potentially hundreds of security programs, or that are trying to protect hundreds of thousands of assets. For them, the SIEM gets easily overloaded, hiding some of the most important warnings in a sea of millions of other alerts.

The Open Threat Management Platform (OTM) from Seceon aims to simplify SIEM deployment, and potentially a lot of other security programs, for organizations at both ends of that spectrum. We tested OTM as both a standalone security product, and as an integrated part of a network of programs.

[Screenshot: Seceon dashboard. Credit: John Breeden II]

The top-level dashboard is clean and informative, but users can quickly drill down into specific concerns or alerts in just a few clicks.

Seceon can run completely on premises, in the cloud or in any hybrid environment. Once in place, it can collect information from a variety of sources. However, it also collects its own data and even has its own threat feed, which it uses to correlate with events occurring within a protected network. It reads all of the system and log files being generated by routers, firewalls and other communications equipment, and provides collector programs as agents for every Windows or Linux box. The collectors pull log and system files and send them into the pile of other data to be analyzed. If an organization wants to keep the full text of those logs, they can be copied and saved almost anywhere, even to slow tape drives, for example, for full archiving.
