FAST Technology Utilizes SIEM Solutions

The Challenge

FAST came to Mission in need of a cost-effective SIEM (Security Information & Event Management) solution to address compliance and security concerns. They also needed a centralized logging solution to easily monitor and analyze large amounts of data.

"Mission delivered a customized security and monitoring solution to fit our exact needs. Mission is our trusted advisor for cloud architecting, extremely dependable, and flexible with our various projects over the past year."

Michael Murphy
Cloud Infrastructure Architect

The Solution

To meet all of FAST’s requirements, the Mission Cloud One team proposed implementing Mission SIEM, a platform that combines all the aspects of HIDS (host-based intrusion detection), log monitoring, and Security Incident Management (SIM)/Security Information and Event Management (SIEM) in a simple, powerful solution. Mission SIEM uses OSSEC, a host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. This provided FAST with intrusion detection for most of their operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. In addition, OSSEC allows multiple systems to be easily monitored and managed. Mission SIEM also makes use of Wazuh, a HIDS used for security detection, visibility and compliance monitoring. Wazuh is also integrated with ELK Stack to provide a more comprehensive solution. With ELK Stack, FAST was able to collect, parse, index, store, search, and present log data. In addition, ELK Stack provided a web frontend useful for gaining a high-level dashboard view of events, as well as for performing advanced analytics and data mining deep into FAST’s store of event data.

Results

  • Continuous Compliance
  • Centralized Log Management
  • Wazuh HIDS Integration to ELK Stack